acp-conformance

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions direct the agent to fetch production readiness checklists and onboarding requirements from OpenAI's official developer portal (developers.openai.com).
  • [COMMAND_EXECUTION]: The skill is configured to allow the Bash tool, which is intended for executing the protocol conformance tests described in the documentation.
  • [PROMPT_INJECTION]: Indirect prompt injection surface exists as the skill fetches data from external sources (OpenAI documentation and GitHub searches).
  • Ingestion points: WebFetch of OpenAI guide URLs and WebSearch for protocol specifications on GitHub.
  • Boundary markers: The skill does not explicitly define delimiters to isolate fetched external content from its internal logic.
  • Capability inventory: The agent has access to Bash, Write, and Edit tools which could be targeted by malicious instructions in fetched data.
  • Sanitization: No explicit sanitization or validation of the remote content is specified before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 07:32 AM
Security Audit — agent-trust-hub — acp-conformance