skills/wso2/agent-skills/api-design/Gen Agent Trust Hub

api-design

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the spectral CLI tool and various internal Python scripts to audit OpenAPI specifications and generate reports. These commands are executed using structured argument lists (via subprocess.run), which prevents shell-based command injection. These operations are limited to the local environment and the user's current directory.
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing the @stoplight/spectral-cli package via npm. Spectral is a well-known, trusted, and industry-standard tool for linting API specifications. This dependency is consistent with the skill's primary purpose of API assessment.
  • [DATA_EXFILTRATION]: No evidence of unauthorized network operations or data exfiltration was found. The skill processes data locally, utilizing the system's temporary directory for intermediate results and saving final reports into a user-visible api-reports folder. No sensitive file paths (e.g., SSH, AWS, or environment files) are accessed.
  • [PROMPT_INJECTION]: The skill's instructions are focused on guiding the user through a structured 7-step API design process and automated assessment workflow. It does not contain patterns intended to bypass AI safety guidelines or override agent constraints.
  • [REMOTE_CODE_EXECUTION]: The skill does not download or execute arbitrary code from remote servers. All logic is contained within the local Python and JavaScript files provided with the skill, or comes from well-known package registries (npm).
Audit Metadata
Risk Level: SAFE
Analyzed: May 6, 2026, 06:36 AM