openai-docs
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [Privilege Escalation] (HIGH): The 'If MCP server is missing' section in SKILL.md instructs the agent to 'immediately retry the same command with escalated permissions' if it fails due to sandboxing or permissions. This is a deliberate attempt to bypass security constraints.
- [Unverifiable Dependencies] (LOW): The skill instructs the agent to self-install an MCP tool using 'codex mcp add' from an external URL. While the domain developers.openai.com is reputable, automated tool installation by an agent increases the system's attack surface. Per [TRUST-SCOPE-RULE], this is downgraded to LOW due to the trusted domain.
- [Indirect Prompt Injection] (LOW): The skill processes data from external documentation which could theoretically contain malicious instructions.
  - Ingestion points: 'mcp__openaiDeveloperDocs__fetch_openai_doc' in SKILL.md.
  - Boundary markers: Absent; no instructions are provided to the agent to ignore instructions embedded in the fetched documentation.
  - Capability inventory: Shell command execution via 'codex mcp add'.
  - Sanitization: Absent; the skill does not specify any filtering or validation for the fetched content.
Recommendations
- AI detected serious security threats
Audit Metadata