consult-chatgpt-pro
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill is designed to package and transmit local project data to chatgpt.com for review.
  - Exfiltration Channel: Data is sent to chatgpt.com, a well-known service, via the user's desktop browser using Computer Use tools.
  - Sanitization Measures: The skill explicitly instructs the agent to exclude secrets, .env files, API keys, tokens, and unrelated personal data from the transmission packet.
  - User Authorization: Every external submission requires the user to approve the exact packet and verify the destination account/workspace at runtime.
- [PROMPT_INJECTION]: The skill processes output from an external source (ChatGPT Pro), which introduces a surface for indirect prompt injection attacks.
  - Ingestion Points: External data enters the agent context from the chatgpt.com response captured via the browser.
  - Boundary Markers: The skill utilizes a structured prompt template (review-prompt-template.md) and provides instructions to the external model to treat packet content as data, not instructions.
  - Capability Inventory: The agent using this skill has access to Computer Use, file system operations, and shell execution.
  - Validation & Sanitization: The skill mandates a 'trust but verify' workflow where all external advice is treated as untrusted and must be confirmed against local evidence before any action or recommendation occurs.