openai-docs

Fail

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The SKILL.md file contains instructions for the agent to execute shell commands (codex mcp add) to modify the environment by adding a new Model Context Protocol (MCP) server.
  • [COMMAND_EXECUTION]: The skill explicitly instructs the agent to attempt privilege escalation. If the initial installation command fails due to permissions or sandboxing, the agent is told to "immediately retry the same command with escalated permissions" and to provide a justification to the system for approval before involving the user.
  • [EXTERNAL_DOWNLOADS]: The skill attempts to download and install an MCP server from https://developers.openai.com/mcp. While the destination belongs to a well-known service, the automated installation logic combined with instructions for permission escalation poses a risk to system security and integrity.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 17, 2026, 03:02 PM
Security Audit — agent-trust-hub — openai-docs