openai-chatkit-setup

Fail

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: HIGH
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [Unverifiable Dependencies] (HIGH): The skill documentation explicitly instructs the agent to run npm install @openai/chatkit-react and @openai/chatkit.
  • Evidence: Found in REFERENCE.md under the Installation section.
  • Risk: These packages do not exist in the official OpenAI npm registry. Promoting the installation of non-existent packages under a trusted namespace is a hallmark of dependency confusion attacks, where an attacker registers the name on a public registry to gain remote code execution during the installation process.
  • [Metadata Poisoning] (HIGH): The skill is titled and described as an official setup for "OpenAI ChatKit", providing links to what appear to be official documentation pages.
  • Evidence: SKILL.md name and description; REFERENCE.md links to https://platform.openai.com/docs/guides/chatkit and https://openai.github.io/chatkit-js/.
  • Risk: "OpenAI ChatKit" is not a real product, and the provided URLs are non-functional (404). This level of deception regarding official affiliation is used to lower the user's or agent's security guard, potentially leading to the execution of the dangerous installation commands.
  • [Command Execution] (MEDIUM): The skill requests broad tool permissions including Bash and Glob to facilitate the installation of these unverified dependencies.
  • Evidence: allowed-tools in SKILL.md.
  • Risk: Grants the capability to execute the malicious installation command in a shell environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 21, 2026, 12:24 PM