Migrate from OpenAI App

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH

Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill instructs the agent to clone a repository from github.com/modelcontextprotocol/ext-apps and then run npm install and npm run start within it. Because the modelcontextprotocol organization is not on the provided Trusted GitHub Organizations list, this is considered execution of unverifiable remote code.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill dynamically fetches version information via npm view to determine a git branch for cloning. This creates a dependency on an external registry that influences the execution environment.
  • [PROMPT_INJECTION] (LOW): The skill includes instructions to 'Preemptively add a final todo item' with specific mandatory wording. This is an attempt to override the agent's natural response pattern to enforce a specific self-reflection workflow.
  • [COMMAND_EXECUTION] (MEDIUM): Multiple shell commands including git clone, npm install, and npm run are used to interact with third-party code. While the domain github.com is whitelisted, the content being executed is not from a trusted source.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH

Analyzed: Feb 17, 2026, 05:00 PM