openai-docs
Fail
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute system commands using a 'codex' CLI tool to install external MCP components.
- [PROMPT_INJECTION]: The skill contains instructions specifically designed to bypass security and permission boundaries by attempting to run commands with 'escalated permissions' without user consent ('immediately retry the same command with escalated permissions' and 'Do not ask the user to run it yet').
- [PROMPT_INJECTION]: The skill provides instructions to override default agent behavior based on non-existent or unreleased AI models (e.g., 'GPT-5.4', 'gpt-oss-120b'), which may cause the agent to generate deceptive or inaccurate content.
- [EXTERNAL_DOWNLOADS]: The skill fetches configuration for an MCP server from the official OpenAI developer domain.
Recommendations
- AI detected serious security threats
Audit Metadata