openai-responses
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): Vulnerable data ingestion surface found in 'templates/cloudflare-worker.ts'.
  * Ingestion points: Untrusted data enters via the 'input' field of the request JSON in the 'fetch' handler.
  * Boundary markers: None are implemented; user strings are passed to the model as-is.
  * Capability inventory: The examples demonstrate access to high-impact tools, including 'mcp' (authorized for Stripe and databases), 'web_search', and 'code_interpreter'.
  * Sanitization: No evidence of sanitization or safety filtering of the input before it is sent to the LLM.
Recommendations
- AI detected serious security threats; see the Full Analysis above for the affected file and the missing controls.
Audit Metadata