Skills
skills/naimalarain13/hackathon-ii_the-evolution-of-todo/openai-agents-sdk/Snyk

openai-agents-sdk

Warn

Audited by Snyk on Feb 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill includes an async fetch_data function example that fetches arbitrary URLs (reference/function-tools.md) and multiple MCP integrations (e.g., MCPServerStreamableHttp in examples and templates) that connect to configurable external MCP_SERVER_URLs, meaning the agent can fetch and ingest untrusted, user-provided web/MCP content as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill instantiates MCPServerStreamableHttp with the runtime URL (MCP_SERVER_URL, defaulting to http://localhost:8000/api/mcp), and the agent relies on that MCP server at runtime to list and invoke remote MCP tools—allowing the external server to supply tool definitions/prompts and perform actions (i.e., remotely control agent behavior and execute code), so this URL is a high-confidence risky runtime dependency.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 15, 2026, 09:42 PM