ai-provider-openai-sdk
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides official implementation patterns for the OpenAI SDK, promoting best practices for security and error handling.
- [EXTERNAL_DOWNLOADS]: References standard dependencies (openai and zod) from the public NPM registry.
- [COMMAND_EXECUTION]: Demonstrates use of standard Node.js file system APIs for processing local media files in legitimate AI workflows.
- [DATA_EXFILTRATION]: Network communication is restricted to legitimate API endpoints (OpenAI and Azure). No unauthorized data transfer patterns were detected.
- [PROMPT_INJECTION]: The skill documents handling of external data (e.g., article text). While this creates an indirect injection surface, the skill mitigates risk by instructing the use of the developer role and Zod schema validation.
  - Ingestion points: articleText and imageUrl (examples/structured-output.md, examples/embeddings-vision-audio.md)
  - Boundary markers: Usage of the developer role for instructions (examples/structured-output.md)
  - Capability inventory: File system read access and network API calls (examples/embeddings-vision-audio.md, SKILL.md)
  - Sanitization: Use of zodResponseFormat for output validation (SKILL.md)
Audit Metadata