clerk-backend-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill fetches OpenAPI specs from public GitHub/raw.githubusercontent.com URLs (see scripts/api-specs-context.sh and the curl commands in SKILL.md that load https://raw.githubusercontent.com/clerk/openapi-specs/main/bapi/...), and those external specs are parsed and used to determine endpoints, parameters, and execute requests—so untrusted third-party content is read and can directly influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime explicitly fetches OpenAPI specs from https://raw.githubusercontent.com/clerk/openapi-specs/main/bapi/${version_name} (and the GitHub API URL https://api.github.com/repos/clerk/openapi-specs/contents/bapi) which are required at runtime and whose fetched content is parsed to determine tags/endpoints and thus directly control the agent's actions.