openai-docs
Fail
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill contains instructions designed to bypass security controls. In the
SKILL.mdfile, the agent is directed to 'immediately retry' commands with 'escalated permissions' if a permission or sandbox error occurs. Additionally, the skill includes deceptive references to official 'gpt-oss' models that do not exist. - [COMMAND_EXECUTION]: The skill instructs the agent to execute system-level commands via the
codexCLI to install MCP servers. The combination of automated installation and instructions to use escalated privileges poses a security risk to the host environment. - [EXTERNAL_DOWNLOADS]: The skill is configured to fetch an MCP server from
https://developers.openai.com/mcp. This URL belongs to a well-known service (OpenAI) and is used for official documentation access.
Recommendations
- AI detected serious security threats
Audit Metadata