swagger-to-mcp

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.85). The set includes direct links to shell and PowerShell installer scripts (https://get.mcp.com.ai/hapi.sh and https://get.mcp.com.ai/hapi.ps1) combined with explicit curl|bash and irm|iex execution instructions—this pattern of piping remote scripts to a shell/PowerShell is a high-risk distribution vector for malware, even though other entries (petstore.swagger.io, localhost, example.com placeholders) look benign.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts and loads OpenAPI specifications from remote URLs (see "OpenAPI Spec Sources" and CLI examples using --openapi https://... like the petstore and my-api examples), which are untrusted public/user-controlled artifacts that the agent reads and interprets to generate MCP servers and could therefore enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). Yes — the HAPI CLI fetches OpenAPI specs at runtime from remote URLs (e.g., https://petstore3.swagger.io/api/v3/openapi.json or https://api.example.com/openapi.json) and those fetched specs are a required dependency that directly control the generated MCP server/tool definitions (i.e., agent behavior), so remote spec URLs are a high-confidence runtime control vector.