Security Audit
openai/openai-agents-js:.agents/skills/integration-tests
github.com/openai/openai-agents-jsTrust Assessment
openai/openai-agents-js:.agents/skills/integration-tests received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Excessive Permissions and Sandbox Escape via Skill Instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on July 17, 2026 (commit 72ca4bc1). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Excessive Permissions and Sandbox Escape via Skill Instructions The skill instructions explicitly direct the LLM/agent to bypass the default sandbox environment ('sandbox_permissions=require_escalated' / 'outside the Codex sandbox by default') and execute arbitrary shell commands, local emulators, and Docker containers on the host system. This allows untrusted repository content or instructions to run arbitrary code with escalated privileges on the user's host machine. Remove instructions that request sandbox escalation or execution outside the secure sandbox environment. Ensure all integration tests and subprocesses run strictly within the restricted sandbox container. | LLM | SKILL.md:11 |
Scan History
Embed Code
[](https://skillshield.io/report/1080714ce3fe6ec8)
Powered by SkillShield