openapi-parser

The skill bundle provides instructions for an AI agent to execute shell commands (grep, find) and includes Lua script templates with network (http) and environment variable (os.getenv) access. While these capabilities are aligned with the stated purpose of parsing OpenAPI specifications and generating Drift tests, they represent high-risk behaviors and potential shell injection vulnerabilities (e.g., in SKILL.md and references/example-repos.md) if user-provided paths or parameters are not properly sanitized by the agent before execution.