openai-agents
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- SAFE (INFO): The skill is a set of educational templates that prioritize security best practices. For example,
agent-human-approval.tsdemonstrates mandatory human-in-the-loop (HITL) authorization for sensitive operations likedelete_accountandsend_email.- SAFE (INFO): Includes dedicated safety templates inagent-guardrails-input.tsandagent-guardrails-output.tsto detect and mitigate prompt injection, jailbreak attempts, and PII leaks.- SAFE (INFO): Secure architectural patterns for voice agents are demonstrated inapi-realtime-route.ts, showing how to generate ephemeral session tokens server-side to avoid exposing theOPENAI_API_KEYto the client browser.- COMMAND_EXECUTION (LOW): The maintenance scriptscripts/check-versions.shexecutes thenpm viewcommand to verify package versions against the registry. This is a standard utility and poses no security risk.- INDIRECT_PROMPT_INJECTION (LOW): While the templates ingest untrusted user input, the package includes extensive mitigation strategies (Guardrails, HITL, and structured output validation) to secure the agent's reasoning and capability surfaces.
Audit Metadata