umbraco-openapi-client

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The script Client/scripts/generate-openapi.js downloads a specification from a URL provided via the command line. It explicitly disables SSL certificate validation by setting process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0", which allows an attacker to intercept and modify the specification in transit via a Man-in-the-Middle (MITM) attack.
  • [COMMAND_EXECUTION] (LOW): The skill defines a generate-client script in package.json and requires the Bash tool to run the generation process.
  • [DYNAMIC_EXECUTION] (MEDIUM): The skill uses the @hey-api/openapi-ts library to generate TypeScript source code at runtime based on the contents of the fetched OpenAPI specification. If the specification is compromised, the generated code could contain malicious logic or vulnerabilities.
  • [INDIRECT_PROMPT_INJECTION] (LOW):
    • Ingestion points: Client/scripts/generate-openapi.js fetches from a URL specified by the user.
    • Boundary markers: None identified for the specification content.
    • Capability inventory: Uses createClient to write generated code to the local file system (src/api).
    • Sanitization: No validation or sanitization of the downloaded specification is performed before code generation.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 05:59 PM