openai-docs

Fail

Audited by Snyk on Apr 25, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 0.90). The prompt instructs the agent to run install commands and to "immediately retry" with escalated permissions (and "Do not ask the user to run it yet"). This is an instruction to escalate or change the execution environment without user consent. It is not necessary for, or disclosed as part of, a mere docs lookup, so it is a hidden/deceptive directive outside the skill's stated purpose.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill runs scripts and fetches the live developer docs at runtime (scripts/resolve-latest-model-info.js and workflow steps) and explicitly fetches https://developers.openai.com/api/docs/guides/latest-model.md (and the migration/prompting guide URLs it yields) to determine model IDs and guide prompt-upgrade instructions that directly control the agent's prompts and upgrade behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs retrying installation "with escalated permissions" if it fails due to permissions/sandboxing, which directs the agent to attempt privilege escalation (sudo/bypass security), so it could compromise the machine state.

Issues (3)

  • E004 (CRITICAL): Prompt injection detected in skill instructions.
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
  • W013 (MEDIUM): Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level: CRITICAL
Analyzed: Apr 25, 2026, 01:54 PM
Issues: 3