openai-api
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill references the official
openaiNode.js package from a trusted organization.\n- Data Exposure & Exfiltration (SAFE): Code templates correctly utilize environment variables for authentication and target official OpenAI endpoints.\n- Indirect Prompt Injection (SAFE): The skill provides patterns for processing external data (text, images, audio). \n - Ingestion points: User messages in templates like
chat-completion-basic.tsand planned vision/audio templates.\n - Boundary markers: Documentation explicitly mentions structured outputs and JSON schema validation.\n
- Capability inventory: SDK calls to
api.openai.com.\n - Sanitization: Recommends JSON schema validation for responses.
Audit Metadata