openapi-to-application-code

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Input Requirements explicitly allow supplying a URL to an OpenAPI specification (e.g., "https://api.example.com/openapi.json"), which the agent is expected to fetch, validate, and parse as part of the required generation workflow, so untrusted third-party spec content could materially influence code-generation decisions and actions.