extension-openai
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill establishes sound security practices for handling OpenAI credentials in a canister environment. It ensures that API keys are never returned by public endpoints, are kept in private state, and are only accessible by the authorized owner (per-user) or an admin. It also enforces the use of non-replicated HTTP outcalls, which is critical for preventing sensitive headers from being exposed to all nodes in a subnet.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download of verified Motoko packages, including 'openai-client' and 'caffeineai-authorization', through the Mops package manager. These packages are official resources provided by the skill author, caffeinelabs.
- [COMMAND_EXECUTION]: The documentation provides standard CLI instructions for adding dependencies via the 'mops' tool. These are part of the intended development workflow and do not constitute arbitrary or malicious command execution.
- [PROMPT_INJECTION]: The skill defines an ingestion point where untrusted user input is passed to an LLM, creating a potential surface for indirect prompt injection.
  - Ingestion points: The 'chat' function in 'src/backend/mixins/openai-chat.mo' accepts a 'prompt' parameter.
  - Boundary markers: None are provided in the example boilerplate code.
  - Capability inventory: The skill performs network outcalls to the OpenAI Chat API.
  - Sanitization: No input filtering or validation is implemented in the provided template.
Audit Metadata