chatgpt-apps
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- Documentation-First Workflow: The skill is designed to integrate with official OpenAI developer documentation, ensuring that any generated scaffolds or code modifications are grounded in current, recommended implementation and security standards.
- Project Scaffolding Utility: Includes a Node.js utility script, scripts/scaffold_node_ext_apps.mjs, which automates the creation of standard project boilerplates. This script uses predefined templates to write configuration files, server code, and widget HTML to a local directory specified by the user.
- Security Configuration Guidance: Provides detailed references and instructions for implementing Content Security Policy (CSP) allowlists and resource metadata. This is a critical step for securing widget resources and controlling external network connections.
- Official Library Dependencies: The scaffolded projects utilize official packages such as @modelcontextprotocol/ext-apps and @modelcontextprotocol/sdk, which are well-maintained libraries for building MCP-compliant applications.
- Validation Framework: Promotes a 'Minimum Working Repo Contract' and a tiered validation ladder, encouraging developers to verify repository structure, syntax, and connectivity to ensure reliability and safety before deployment.
Audit Metadata