building-chatgpt-apps
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Full Analysis
- [SAFE] (INFO): Analysis of the provided files reveals no malicious patterns. The content is purely educational, focused on implementing the Model Context Protocol (MCP) and ChatGPT widgets.
- [EXTERNAL_DOWNLOADS] (LOW): References to ngrok are present. This is a standard developer tool for creating secure tunnels to local servers. While it involves external connectivity, it is used here for testing and development purposes as described in the documentation.
- [COMMAND_EXECUTION] (LOW): A shell script and Python snippets provide commands for killing local processes (kill -9) and testing connectivity (curl). These are routine administrative tasks for a development environment.
- [FALSE_POSITIVE_ANALYSIS] (INFO): The security alert regarding 'window.openai.ca' appears to be a misinterpretation of the 'window.openai' JavaScript object path discussed in the debugging documentation. No network requests to a '.ca' domain were found.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata