openai-agents

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE
Finding category: PROMPT_INJECTION

Full Analysis
  • [PROMPT_INJECTION]: The provided Python code example demonstrates a command-line interface that passes raw user input directly to the agent's runner, which is a standard surface for indirect prompt injection.
  • Ingestion points: User input is read with the input() function in the main loop of the example in SKILL.md and passed directly into Runner.run without any pre-processing.
  • Boundary markers: While the instructions use a RECOMMENDED_PROMPT_PREFIX, the code snippet does not explicitly demonstrate the use of delimiters or boundary markers to isolate the user_input variable within the agent's context.
  • Capability inventory: The agent is equipped with a lookup_tool and an update_record tool. The latter allows the agent to modify shared context state (session_id), which could be abused if a prompt injection causes the agent to invoke the tool with attacker-chosen parameters.
  • Sanitization: The example does not include sanitization or validation logic for the ingested user input before it is processed by the LLM.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 28, 2026, 06:13 AM