skills/vm0-ai/vm0-skills/openai/Gen Agent Trust Hub

openai

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to api.openai.com. This is a well-known service and the official domain for OpenAI's API endpoints.
  • [COMMAND_EXECUTION]: The skill uses standard CLI utilities including curl for networking, jq for parsing JSON responses, and a tool named zero for troubleshooting environment connectivity.
  • [DATA_EXFILTRATION]: User-supplied data (prompts and image URLs) is transmitted to the OpenAI API. This data movement is the intended purpose of the skill and is directed to a well-known service.
  • [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by passing untrusted user content directly to external LLM models for processing.
      • Ingestion points: User-controlled messages and image URLs in the request payloads defined in SKILL.md.
      • Boundary markers: None; external data is interpolated directly into JSON structures.
      • Capability inventory: Subprocess execution of curl, jq, and zero as outlined in the documentation.
      • Sanitization: No input validation or sanitization is performed on the data before it is sent to the API.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 2, 2026, 09:54 PM