NYC

api-architect

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill defines a validation script scripts/validate-api-spec.sh and requests Bash access with npm, npx, and openapi-generator.
      • Evidence: allowed-tools: Bash(npm:*,npx:*,openapi-generator:*) in SKILL.md.
      • Context: These are standard tools for API linting and SDK generation, matching the skill's primary purpose. The provided shell script only performs read-only grep operations for validation and does not execute external commands.
  • [DATA_EXPOSURE] (SAFE): No hardcoded credentials or sensitive file paths were detected. The api-security.yaml file contains illustrative examples and best practice configurations (e.g., sk_live_abc123...) rather than actual secrets.
  • [REMOTE_CODE_EXECUTION] (SAFE): No remote script downloads (curl/wget | bash) or dynamic code execution patterns were found.
  • [PROMPT_INJECTION] (SAFE): The instructions are strictly focused on API design guidance and do not contain bypass markers or attempts to override agent behavior.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 05:50 PM