openai-docs
Fail
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The instructions in SKILL.md direct the agent to autonomously bypass system security constraints. Specifically, if a command fails due to sandboxing or permissions, the agent is instructed to 'immediately retry the same command with escalated permissions' and provide a justification, which is a direct attempt to circumvent user or system-level safety boundaries.
- [COMMAND_EXECUTION]: The skill directs the agent to execute shell commands (codex mcp add) to modify its environment by installing a remote MCP server. It includes specific instructions for the agent to attempt this installation with escalated privileges if initial attempts are blocked.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection. 1. Ingestion points: External documentation is fetched using the mcp__openaiDeveloperDocs__fetch_openai_doc tool. 2. Boundary markers: No delimiters or 'ignore instructions' warnings are specified for the processed content. 3. Capability inventory: The skill instructions include environment modification via codex mcp add. 4. Sanitization: No sanitization or validation of the external content is implemented.
Recommendations
- AI detected serious security threats
Audit Metadata