openai-deep-research
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill utilizes the established Playwright library for browser automation to interact with the ChatGPT interface, which is the intended and documented purpose of the tool.
- [SAFE]: Session credentials (cookies) are stored locally in the user's home directory (~/.openai-deep-research/). Analysis confirms these credentials are not transmitted to any unauthorized external domains or third-party services.
- [SAFE]: Subprocess calls are limited to checking for the presence of the Chromium browser and verifying the Playwright installation, representing standard system checks without risk of arbitrary command execution.
- [SAFE]: Remote downloads are restricted to official browser binaries (Chromium) managed by the Playwright toolchain, which is a well-known and trusted technology provider.
- [PROMPT_INJECTION]: The skill ingests data from external AI-generated responses in deep_research_browser.py. Evidence:
  1. Ingestion point: ChatGPT response text via extract_content.
  2. Boundary markers: Absent.
  3. Capability inventory: Subprocess system checks, local file writing, and browser navigation.
  4. Sanitization: None.

  This reflects the standard operational surface of a browser-based research tool rather than an active security flaw.