Skills
skills/bbrowning/bbrowning-claude-marketplace/Validating OpenAI API Implementations/Gen Agent Trust Hub

Validating OpenAI API Implementations

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches an OpenAPI specification from app.stainless.com. Per the trust-scope-rule, this is a well-known service and the reference is documented neutrally.
  • [COMMAND_EXECUTION]: The skill instructs the agent to perform command-line operations, specifically using curl to download files and grep to process them locally.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests and processes untrusted data from an external YAML file.
  • Ingestion points: Remote download of openapi.documented.yml from a third-party URL.
  • Boundary markers: Absent. The agent is not instructed to ignore potentially malicious instructions embedded in the schema descriptions.
  • Capability inventory: Subprocess execution (curl, grep) and file system access (read).
  • Sanitization: Absent. The agent processes the raw content of the specification file.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 26, 2026, 11:40 AM