create-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 2 discovery explicitly instructs the agent to WebFetch and parse arbitrary OpenAPI URLs and live documentation pages (see "Strategy B — OpenAPI / Swagger Spec", "Strategy C — Live API Documentation URL", and "Strategy D — Base URL Auto-Discovery"), so untrusted third-party web content is fetched and interpreted to drive command generation and auth/config decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill calls WebFetch at runtime to load arbitrary OpenAPI/docs URLs (e.g., https://api.example.com/openapi.json) and then parses and injects that spec/docs to generate CLI commands and MCP tools, so fetched external content directly controls the agent's instructions and is required for discovery.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly includes a built-in profile for the Stripe API (api.stripe.com/v1) with starter commands like customers, charges, invoices, subscriptions. The generator also contains templates for authenticated mutations (Template D) that POST/PUT/PATCH/DELETE with JSON bodies and use bearer/auth flows, and it auto-configures auth and generates commands that can call those endpoints (e.g., create charges). Because Stripe is a payment gateway and the skill provides explicit, pre-configured support to generate CLI commands that can perform financial transactions, this constitutes direct financial execution capability.