openai-assistants

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL
Findings: DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • DATA_EXFILTRATION (CRITICAL): Automated scanning flagged the host openai.beta.threads.me in the skill's resources as a phishing domain. It is not under openai.com but is shaped to look like an official OpenAI endpoint, so any credentials or API keys a user sends to it would go to a third party. Before acting on this, confirm in the raw skill text that the string occurs as a URL or host: the Assistants SDK method chain `openai.beta.threads.messages.create(...)` has the same dotted shape, and a URL extractor that cuts that chain at the valid TLD `.me` could produce exactly this token.
  • REMOTE_CODE_EXECUTION (HIGH): The skill instructs users to run `npm install openai@6.7.0`. The scanner did not find 6.7.0 among the versions of the official OpenAI Node.js SDK it knows of and concludes that the package likely contains malicious code. Its stated premise (that the SDK moved from 3.x to 4.x) is out of date, since major releases beyond 4.x have been published, so check the pin against the registry directly (`npm view openai versions --json`) before relying on this finding. Note also that a version absent from the registry fails to install rather than executing code; the install is dangerous when the skill points at a different registry, a mirror, or a look-alike package name, because any install script in the resolved package runs with the developer's privileges.
  • PROMPT_INJECTION (LOW): The skill is exposed to indirect prompt injection (the scanner's Category 8). Evidence: (1) ingestion points: it reads external conversation data through the Messages and Threads APIs; (2) boundary markers: none, so nothing separates ingested user content from system instructions; (3) capability inventory: the agent is given the code_interpreter (Python execution) and file_search tools; (4) sanitization: none, no validation or escaping of ingested data is described. The combination is what matters: text an attacker places in a thread can be read as instructions by a model that can execute Python and search files, so the real severity depends on what those tools can reach.
  • CREDENTIALS_UNSAFE (SAFE): The skill uses placeholder strings ('sk-...') for environment variable examples, which is acceptable practice.
Recommendations
  • AI detected serious security threats
  • Contains 1 URL flagged as malicious: DO NOT USE
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 17, 2026, 06:10 PM