openai-api
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a high-quality educational resource and template library for integrating OpenAI services. It prioritizes security by explicitly warning against client-side API key exposure and providing patterns for server-side proxies.
- [DATA_EXPOSURE]: All templates correctly utilize `process.env.OPENAI_API_KEY` rather than hardcoding credentials. Network calls are exclusively directed to the official OpenAI API domain (api.openai.com), which is a well-known and trusted service.
- [COMMAND_EXECUTION]: The skill includes a helper script `scripts/check-versions.sh` which uses standard `npm` commands (`npm list`, `npm view`) to verify package versions. This is a common development utility and does not perform any dangerous operations.
- [INDIRECT_PROMPT_INJECTION]: As the skill is designed to process user input (e.g., in chat completions and vision tasks), it inherently possesses an attack surface for indirect prompt injection. However, the skill mitigates this by providing templates for structured outputs with strict schema validation (`strict: true`) and utilizing the Moderation API to scan for harmful content.
Audit Metadata