openai
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses standard
curlcommands to interact with the official OpenAI API endpoints (api.openai.com). These are documented examples for intended functionality. - [CREDENTIALS_UNSAFE]: The skill correctly instructs users to manage their
OPENAI_API_KEYvia environment variables (printenv OPENAI_API_KEY) and specifies it in thevm0_secretsmetadata, which is the recommended secure pattern for secret handling. The examplesk-...is a generic placeholder and not a hardcoded secret. - [EXTERNAL_DOWNLOADS]: The skill makes network requests to
api.openai.comandupload.wikimedia.org(for a sample image). Both are well-known and legitimate domains for the stated purpose of AI model interaction and testing. - [DATA_EXFILTRATION]: While the skill sends data to OpenAI, this is the primary and disclosed purpose of the skill. There is no evidence of unauthorized data collection or exfiltration to third-party or unknown domains.
Audit Metadata