openai-cli
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download the OpenAI CLI from official sources, including the OpenAI Homebrew tap and the official OpenAI GitHub repository (github.com/openai/openai-cli). These are well-known, trusted sources for the specified tool.
- [COMMAND_EXECUTION]: Provides a comprehensive guide for executing shell commands using the openai tool to interact with various API endpoints including files, models, and chat responses.
- [CREDENTIALS_UNSAFE]: References standard environment variables (OPENAI_API_KEY, OPENAI_ADMIN_KEY) for authentication. It correctly uses placeholders (sk-...) for examples and does not contain any hardcoded secrets.
- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection where untrusted user input is passed to the --input flag of the CLI tool. This is a characteristic of tools designed to process natural language inputs.
- Ingestion points: User-supplied strings used in commands like `openai responses create --input "$input"` in SKILL.md.
- Boundary markers: No explicit delimiters or instructions are provided to the agent to treat input as data rather than instructions.
- Capability inventory: The agent can execute shell commands and perform network operations via the CLI.
- Sanitization: No sanitization or validation of the input strings is performed by the skill instructions.