open-responses-agent-dev

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE
Tags: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill directs users to install the official openai package from standard registries (npm and PyPI) and utilizes the legitimate HuggingFace router endpoint at https://router.huggingface.co/v1.
  • [PROMPT_INJECTION]: The skill provides templates for building agents that ingest untrusted external data via an input field.
    * Ingestion points: The input variable in the TypeScript and Python agent creation functions.
    * Boundary markers: No delimiters or specific system instructions to ignore embedded commands are present in the provided examples.
    * Capability inventory: The demonstrated agents have capabilities for tool execution, specifically weather retrieval and document searching.
    * Sanitization: No input validation or sanitization logic is included in the starter templates.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 8, 2026, 06:11 PM