OpenAI Apps MCP
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns detected. The skill provides legitimate templates and documentation for building Model Context Protocol (MCP) servers on Cloudflare Workers specifically for OpenAI integration.
- [EXTERNAL_DOWNLOADS]: The skill instructions and configuration files reference official packages from trusted organizations including @modelcontextprotocol, hono, and cloudflare. These are standard dependencies for the described functionality.
- [PROMPT_INJECTION]: The skill facilitates the creation of MCP servers which process user input (Indirect Prompt Injection surface). However, the provided templates include security best practices such as strict CORS origin policies (restricted to https://chatgpt.com) and schema validation using Zod to sanitize incoming data.
- [COMMAND_EXECUTION]: The skill includes placeholders for scripts but does not contain any functional or malicious command execution patterns. The Bash tool is requested for development tasks like scaffolding and deployment via wrangler.
Audit Metadata