openai-gpt
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Prompt Injection] (HIGH): The skill is highly vulnerable to indirect prompt injection because it processes external untrusted data and provides access to high-privilege capabilities. • Ingestion points: Untrusted user input is passed directly to the
messagesarray inopenai.chat.completions.createwithinSKILL.md. • Boundary markers: No delimiters or boundary instructions (like 'ignore embedded instructions') are implemented in the provided code snippets. • Capability inventory: The skill explicitly demonstrates 'Function Calling' (tools), which allows the model to trigger side effects and execute external operations. • Sanitization: No sanitization, escaping, or validation of user-provided content is shown before it is sent to the LLM. - [External Downloads] (LOW): The skill imports the
openaiNode.js package. • Evidence:import OpenAI from "openai"inSKILL.md. • Status: This is downgraded to LOW per [TRUST-SCOPE-RULE] as the package originates from a trusted organization (OpenAI).
Recommendations
- AI detected serious security threats
Audit Metadata