security-review-openai
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is a documentation-based extension providing high-quality security specifications derived from industry standards (OWASP, MDN). It contains no executable scripts, hardcoded credentials, or network exfiltration logic.
- [PROMPT_INJECTION]: In the SKILL.md file, the instructions include an 'Overrides' section that directs the agent to respect project-specific documentation even if it requires bypassing the security best practices defined in the skill. While this is intended to ensure the agent remains helpful in unique project contexts, it creates a surface where the skill's primary safety goal can be countermanded by user-supplied project files.
- [PROMPT_INJECTION]: There is a metadata discrepancy in SKILL.md where the author field is set to 'OpenAI', whereas the skill's actual author context is 'lawvable'. This is misleading metadata but does not pose a direct technical risk.
Audit Metadata