generate-swagger-docs

SUSPICIOUS: the skill’s purpose is plausible, but its actual footprint is disproportionate. It fetches and runs an unpinned third-party script, forwards an OpenAI API key to that code, persists secrets locally, and may transmit private repository contents to undisclosed endpoints. This is high security risk even without proof of confirmed malware.