NYC

openai-responses

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [CREDENTIALS_UNSAFE] (SAFE): No hardcoded secrets or API keys were found. The templates correctly utilize environment variables (process.env.OPENAI_API_KEY) and Cloudflare Worker environment bindings for sensitive credentials.
  • [COMMAND_EXECUTION] (SAFE): The utility script scripts/check-versions.sh performs safe version checks using npm and node. No patterns for arbitrary shell command injection or risky subprocess spawning were detected.
  • [EXTERNAL_DOWNLOADS] (SAFE): The templates/image-generation.ts file includes logic to download generated images from OpenAI's CDN and save them locally. This is a documented and expected behavior for an image generation demonstration.
  • [DATA_EXFILTRATION] (SAFE): Network activity is limited to official OpenAI API endpoints and specified MCP (Model Context Protocol) server URLs provided as examples. No unauthorized data transmission or exfiltration patterns were identified.
  • [PROMPT_INJECTION] (LOW): As the skill is designed to interface with LLMs, it is naturally subject to prompt injection through user inputs. The templates demonstrate standard integration patterns where the model provider's safety filters are expected to be the primary defense.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:58 PM