api-anything

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 1 ingestion explicitly accepts OpenAPI/Swagger specs "from URL, local file path, or raw pasted content" (SKILL.md, "Phase 1: Ingest the spec"), meaning it fetches and parses arbitrary third‑party/public specs which the agent must read and interpret to generate CLI code — content that can materially change generated commands, auth wiring, and runtime behavior.