openai-agents

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns, obfuscation, or unauthorized data exfiltration were detected across the 26 files. The skill provides legitimate, well-documented templates for integrating the OpenAI Agents SDK with various frameworks like Next.js and Cloudflare Workers.
  • [SAFE]: The skill includes dedicated security templates ('agent-guardrails-input.ts' and 'agent-guardrails-output.ts') that demonstrate how to protect agents from prompt injection and PII leakage using Zod schemas and validation agents.
  • [SAFE]: Best practices for credential safety are followed, with explicit warnings and code examples (e.g., 'api-realtime-route.ts') showing how to avoid exposing sensitive API keys to the client side by using ephemeral tokens.
  • [SAFE]: Dependencies are limited to official OpenAI packages and well-known libraries (zod, hono, typescript) from the public npm registry.
  • [SAFE]: The shell script provided ('check-versions.sh') performs routine version checks using 'npm view' and does not involve any dangerous remote code execution patterns.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 13, 2026, 11:09 AM