openai-security-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION EXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is instructed to monitor for and follow 'specific rules and instructions in the project's documentation' that 'require you to override certain best practices.' This is a known surface for indirect prompt injection.
  - Ingestion points: Project documentation and repository files (via Read, Grep, and Glob tools defined in SKILL.md).
  - Boundary markers: Absent; the agent is explicitly told 'do not fight with them' when encountering overrides.
  - Capability inventory: The skill allows the use of Bash, Write, and Edit tools (SKILL.md), which can modify the codebase or execute commands.
  - Sanitization: Absent; no instructions are provided to sanitize or verify external documentation content.
- [Unverifiable Dependencies & Remote Code Execution] (LOW): The skill mentions searching online for documentation if local references are missing, implying the use of the Bash tool for network requests. This finding is downgraded to LOW because the skill is attributed to a trusted organization (OpenAI).
Audit Metadata