postman-api-readiness

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes external OpenAPI specifications that may contain instructions designed to manipulate the agent.
      • Ingestion points: The skill actively searches for and reads local files (e.g., openapi.yaml, swagger.json) using Glob and Read tools, as well as remote specs via mcp__postman__getSpecDefinition.
      • Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore or isolate natural language instructions that might be embedded within the descriptions or metadata of the API specifications being analyzed.
      • Capability inventory: The skill utilizes powerful tools including Bash, Write, and various mcp__postman__* tools which allow for file system modification and network interaction with Postman services.
      • Sanitization: The instructions do not define any sanitization or validation steps to ensure that content from the API specs is treated strictly as data rather than instructions.
  • [COMMAND_EXECUTION]: The skill explicitly requests the Bash tool in its allowed-tools list. While the documented workflow focuses on file discovery and analysis, the presence of a general-purpose shell tool represents an elevated capability that could be exploited if the agent is successfully manipulated via the aforementioned injection surface.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 28, 2026, 12:12 AM