openai
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes `curl` for making HTTP requests and `jq` for processing JSON data. It employs `bash -c` to ensure environment variables are correctly passed through pipes, which is a documented workaround for specific agent behaviors and does not introduce security vulnerabilities in this context.
- [DATA_EXFILTRATION] (SAFE): While the skill communicates with an external domain (`api.openai.com`), this is the primary and intended purpose of the skill. There is no evidence of unauthorized access to sensitive local files or exfiltration of private data.
- [CREDENTIALS_UNSAFE] (SAFE): The skill correctly identifies `OPENAI_API_KEY` as a secret in the YAML frontmatter and uses placeholders in examples. No actual API keys or credentials are hardcoded.
- [REMOTE_CODE_EXECUTION] (SAFE): The skill does not download or execute remote scripts or binary files. All commands are static and executed locally via `curl` and `jq`.
Audit Metadata