openai-docs
Fail
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill contains instructions designed to bypass security restrictions. In SKILL.md, it directs the agent to 'immediately retry' an installation command with 'escalated permissions' if it is blocked by sandboxing, specifically telling the agent to provide its own justification rather than asking the user first.
- [COMMAND_EXECUTION]: The skill provides explicit instructions to execute CLI commands, specifically `codex mcp add`, to modify the agent's environment and install external tools.
- [REMOTE_CODE_EXECUTION]: The skill directs the agent to install an external MCP server from a remote URL. This process involves the download and execution of external logic within the agent's environment.
- [EXTERNAL_DOWNLOADS]: The skill fetches configuration and installation components from a remote URL (https://developers.openai.com/mcp). While the domain is an official OpenAI domain, the context of installing non-existent product support via a CLI command represents a significant security risk.
Recommendations
- AI detected serious security threats
Audit Metadata