upgrade-blockscout-api
Audited by Socket on Mar 3, 2026
1 alert found:
Anomaly: The skill description and pipeline are coherent with their stated purpose: refresh swagger-derived API references and apply repo-local patches. Network downloads from GitHub and the Blockscout MCP are required and expected; the main security concerns are supply-chain integrity (trusting remote swagger/MCP responses) and the destructive nature of Step 2, which overwrites reference files. There are no indications of credential harvesting, remote code execution, or hidden exfiltration in the provided instructions. Recommended mitigations: validate or pin release versions when possible, review generated outputs before committing, back up existing reference files before running Step 2, and ensure the MCP and GitHub responses are fetched over HTTPS and reviewed to reduce the risk of upstream compromise.