openai-docs

Fail

Audited by Snyk on Mar 16, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 1.00). The prompt includes instructions to run installation commands and "immediately retry" with escalated permissions without asking the user, which is a hidden/deceptive escalation instruction outside the skill's documented purpose of fetching docs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill declares and requires the MCP doc server at https://developers.openai.com/mcp and, at runtime, uses its mcp__openaiDeveloperDocs__fetch/search tools to pull official docs. That content is injected into the agent context and used to drive prompt-upgrade guidance and responses, so remote content directly controls agent instructions.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs the agent to run install commands and, if they fail due to permissions/sandboxing, to immediately retry with "escalated permissions" (i.e., escalate privileges) without asking the user. This amounts to requesting sudo-like privilege escalation and modifying system state.

Issues (3)

  • E004 (CRITICAL): Prompt injection detected in skill instructions.
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
  • W013 (MEDIUM): Attempt to modify system services in skill instructions.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 16, 2026, 12:39 AM
Issues: 3