gpt5-consultant

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill documents a legitimate workflow for using an external MCP server (gpt5-mcp-server) to perform technical analysis.
  • [COMMAND_EXECUTION]: While the skill references specific tool names like mcp__gpt5-server__gpt5_generate, these are within the expected context of an AI agent using predefined tools and do not represent arbitrary or dangerous shell execution.
  • [DATA_EXFILTRATION]: The skill encourages gathering context from the current session and sending it to the GPT-5 tool. While this involves data transfer, it is the primary intended function of the skill and occurs within the controlled environment of the configured MCP server.
  • [PROMPT_INJECTION]: No evidence of prompt injection, role-play overrides, or attempts to bypass safety filters was found in the instructions or metadata.
  • [CREDENTIALS_UNSAFE]: No hardcoded API keys, tokens, or sensitive credentials were detected. The skill relies on the user's local MCP configuration.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 09:06 AM
Security Audit — agent-trust-hub — gpt5-consultant