improve-sdk-naming

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH

Tags: PROMPT_INJECTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill processes untrusted OpenAPI specifications through the speakeasy suggest command. This creates an attack surface where an attacker can embed malicious instructions within the spec (e.g., in descriptions or operation IDs) to influence the AI's naming suggestions or downstream agent actions.
    • Ingestion points: OpenAPI spec file path provided via the -s flag in SKILL.md.
    • Boundary markers: Absent; there are no instructions to the agent to ignore embedded commands within the processed data.
    • Capability inventory: Execution of speakeasy suggest commands and file writing via the -o output flag.
    • Sanitization: Absent; the skill does not perform validation or sanitization of the external OpenAPI content before processing.
  • [Command Execution] (MEDIUM): The skill relies on executing the speakeasy CLI. While the commands are specific, they depend on an external binary and environment state, which could be exploited if the CLI tool or the input spec is compromised.
  • [Credentials Unsafe] (LOW): The skill instructions involve setting the SPEAKEASY_API_KEY environment variable. While it uses placeholders, the workflow encourages the management of sensitive credentials in the shell environment, which is a common point of exposure.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 08:00 AM