openai-docs

Fail

Audited by Snyk on Feb 15, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 0.90). The prompt instructs the agent to secretly retry installing the MCP with "escalated permissions" and "Do not ask the user to run it yet," which directs privilege escalation and withholding action from the user—deceptive behavior outside the skill's stated documentation-providing purpose.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.70). The skill declares and uses the MCP docs server at runtime (https://developers.openai.com/mcp) via mcp__openaiDeveloperDocs__fetch_openai_doc to pull documentation that directly guides and controls the agent's prompts/responses, and the skill treats that external endpoint as a required dependency.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly instructs the agent to run an install command and, if it fails due to permissions/sandboxing, to immediately retry with escalated permissions (i.e., obtain sudo/bypass security) without asking the user, which directs the agent to change system state and escalate privileges.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 15, 2026, 09:32 PM