gpt
Warn
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: MEDIUMPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill processes untrusted user data for chat completions and embeddings, which is then forwarded to the OpenAI API. This creates a surface for malicious content within inputs to influence the agent or the third-party service. • Ingestion points: User prompts and text inputs defined in SKILL.md. • Boundary markers: No delimiters or isolation instructions are present to separate untrusted content from the API payload. • Capability inventory: Network access via 'curl' to api.openai.com. • Sanitization: No input validation or filtering logic is specified.
- Data Exfiltration (LOW): The skill transmits data to 'api.openai.com'. While legitimate for the skill's functionality, this domain is not on the whitelist and constitutes a potential egress point for sensitive data.
- Command Execution (LOW): The metadata specifies requirements for 'curl' and 'jq' binaries, and the documentation includes example commands intended for execution by the agent.
Audit Metadata