openapi-spec-builder
Fail
Audited by Socket on Mar 10, 2026
1 alert found:
Obfuscated File (HIGH): SKILL.md
Overall, the skill is conceptually aligned with its purpose of generating OpenAPI specifications and operates within a reasonable, self-contained scope. The primary security concern is inadvertent embedding of user-supplied secrets (e.g., passwords or API keys) into the generated specification if the prompts contain them. No evident download/execution, credential forwarding to third-party tooling, or exfiltration mechanisms are described. To improve safety, enforce redaction/sanitization of secrets, add an explicit user confirmation step before exporting production-ready specs, and validate that all $ref references resolve within the generated document.
Confidence: 98%