ydc-openai-agent-sdk-integration
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill identifies and mitigates an indirect prompt injection surface.
  * Ingestion points: Tool results from mcp__ydc__you_search and mcp__ydc__you_contents in SKILL.md.
  * Boundary markers: Recommended instructions explicitly tell the agent to treat results as data only.
  * Capability inventory: The agent is configured to use retrieval tools; no shell or code execution capabilities are granted to the tools themselves.
  * Sanitization: Guidance provided to wrap external content in delimiters with isolation warnings.
- [EXTERNAL_DOWNLOADS]: Fetches dependencies and configuration from trusted sources. Evidence: Downloads the official OpenAI Agents SDK and connects to the author's verified endpoint at api.you.com.
Audit Metadata