The Agent Skills Directory

[COMMAND_EXECUTION]: The skill documentation includes shell script templates intended for use in CI/CD pipelines to run API validation tools such as oasdiff and spectral. While these are standard development practices, the availability of the Bash tool to the agent means these patterns could be executed within the environment.
[PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface (Category 8) because its primary function involves reading and managing external, untrusted API specification files.
Ingestion points: The skill processes files within the specs/ directory using Read, Glob, and Grep tools.
Boundary markers: There are no explicit instructions or delimiters provided to the agent to distinguish between its internal logic and the potentially adversarial content found in external specification descriptions or metadata.
Capability inventory: The agent is granted Bash, Write, and Edit permissions, which could be leveraged if an attacker-controlled specification file successfully influences the agent's behavior.
Sanitization: The skill does not define any input validation or sanitization procedures for the data extracted from the OpenAPI or AsyncAPI files before it is used in subsequent operations.

contract-first-design