openai-docs-skill

Pass

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill uses a bash script (scripts/openai-docs-mcp.sh) to interact with an API. Input parameters are passed to jq using --arg, which correctly escapes characters and prevents command injection.
  • [DATA_EXFILTRATION] (LOW): Documentation queries are sent to developers.openai.com. Although this domain is not on the trusted whitelist, the traffic is limited to documentation search and is consistent with the skill's stated purpose.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill retrieves documentation in markdown format from a remote server. This is an intended feature but technically involves downloading external data.
  • [PROMPT_INJECTION] (LOW): Provides a surface for indirect prompt injection. (1) Ingestion points: content is fetched from developers.openai.com via scripts/openai-docs-mcp.sh. (2) Boundary markers: None are provided in the instructions to the agent. (3) Capability inventory: The agent can execute local shell scripts and access the file system. (4) Sanitization: No sanitization is performed on the documentation text before it is presented to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 22, 2026, 05:52 PM