security-review-openai
Warn
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: MEDIUM
Findings: PROMPT_INJECTION, SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill contains deceptive metadata in SKILL.md identifying the author as 'OpenAI', which conflicts with the actual author identity 'lawve-ai'.
- [PROMPT_INJECTION]: The skill instructions create a significant surface for indirect prompt injection by telling the agent to follow 'specific rules and instructions' found in project documentation which 'may require you to override certain best practices'. Ingestion points: Project source code and documentation files. Boundary markers: Absent. Capability inventory: File system write access for report generation. Sanitization: Absent.
- [SAFE]: The skill's reference documentation provides standard and high-quality security guidance for various frameworks.
- [SAFE]: The skill explicitly instructs the agent to avoid requesting or exposing sensitive data such as API keys and credentials.
Audit Metadata