openai-api
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No malicious patterns, obfuscation, or unauthorized access attempts were detected. The skill's behavior matches its described purpose of providing OpenAI API integration templates.
- DATA_EXPOSURE (SAFE): The skill correctly implements credential management via process.env.OPENAI_API_KEY. It explicitly documents the risks of client-side key exposure and provides server-side proxy examples as a safer alternative.
- COMMAND_EXECUTION (SAFE): Shell scripts included in the skill (e.g., check-versions.sh) are limited to checking local package versions and do not perform arbitrary command execution or privilege escalation.
- EXTERNAL_DOWNLOADS (LOW): Network activity is restricted to the official api.openai.com endpoints. While it involves external communication, this is the primary intended function of the skill and is directed at a trusted source.
- INDIRECT_PROMPT_INJECTION (LOW): The skill facilitates processing of LLM outputs (e.g., function calling and transcription). While this presents a theoretical attack surface common to all LLM-integrated tools, the skill provides templates for structured output and validation which help mitigate these risks.
Audit Metadata