dmr-openapi-skeleton

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts and processes OpenAPI specifications provided as files, URLs, or pasted documents (see SKILL.md header "Use when Codex needs to turn an OpenAPI file, URL, or pasted document..." and the "Read the specification first" workflow), meaning untrusted third‑party specs can be fetched/read and directly influence generated code and subsequent actions, enabling indirect prompt injection.