swagger2skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and parses arbitrary OpenAPI URLs (see swagger2skill.py → openapi_parser.py using urlopen and scripts/get_category_details.py) and then requires Claude Code to read and act on that untrusted spec content to generate CLI code (Step 5), so third-party spec content can materially influence agent behavior and enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill fetches a user-provided OpenAPI URL at runtime (e.g., https://tmp-airflow.momenta.works/api/v1/openapi.json or any passed to scripts/swagger2skill.py and scripts/get_category_details.py) via urlopen and then directly uses the fetched spec to build AskUserQuestion options and to drive generation of CLI code, so remote content can directly control prompts and generated/executed code.