api-test

The skill bundle provides a generic HTTP client in 'Skill.py' that allows the agent to perform arbitrary GET and POST requests to any user-provided URL. This implementation lacks any domain whitelisting or input sanitization, creating a high risk for Server-Side Request Forgery (SSRF) attacks against internal or external resources. While the 'SKILL.md' describes the tool as an API documentation assistant, the underlying code is a broad network utility without safety constraints.