openai-agents-sdk
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The templates require the installation of the openai-agents package, which is a third-party framework rather than the official OpenAI client library. Evidence: Installation instructions found in templates/agent_gemini.py, templates/agent_mcp.py, and examples/todo-agent.md.
- [PROMPT_INJECTION] (LOW): The skill implements an architecture vulnerable to indirect prompt injection via the Model Context Protocol (MCP) surface.
  1. Ingestion points: templates/agent_mcp.py and examples/todo-agent.md ingest tool definitions and execution results from an external MCP_SERVER_URL via the MCPServerStreamableHttp class.
  2. Boundary markers: Absent. Agent instructions do not include delimiters or warnings to ignore instructions embedded in server-provided tool data.
  3. Capability inventory: The agents can invoke tools provided by the connected MCP server, which may include state-changing operations like delete_task as seen in todo-agent.md.
  4. Sanitization: No sanitization or schema validation of the data returned from the MCP server is present in the templates.
Audit Metadata