orval

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly describes ingesting OpenAPI specifications from remote URLs (e.g., orvalcfg-input-validation.md shows api.input.target: 'https://api.example.com/openapi.json' and adv-input-transformer.md describes processing input specs), meaning an agent using this skill would fetch and parse third‑party/untrusted OpenAPI documents as part of its workflow and could thereby be exposed to indirect prompt injection.