Security Audit
openai/skills:skills/.system/openai-docs
github.com/openai/skillsTrust Assessment
openai/skills:skills/.system/openai-docs received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include Unsafe deserialization / dynamic eval, Command Injection via Unsanitized Arguments in resolve-latest-model-info.js.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on July 17, 2026 (commit 49f948fa). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/.system/openai-docs/scripts/resolve-latest-model-info.js:7 | |
| HIGH | Command Injection via Unsanitized Arguments in resolve-latest-model-info.js The script `scripts/resolve-latest-model-info.js` accepts a `--source` or `--url` argument. If this argument does not start with 'file://' or 'http(s)://', it resolves the path using `path.resolve(source)` and reads it via `fs.readFile`. However, if the source is a URL, it performs a `fetch(source)`. An attacker who can manipulate the arguments passed to this script (for example, via prompt injection manipulating the tool execution arguments) can force the agent to fetch arbitrary external URLs or read arbitrary local files, leading to Server-Side Request Forgery (SSRF) or Local File Inclusion (LFI). Restrict the allowed protocols and domains for the `--source` argument. Validate that the URL points to an official, trusted OpenAI domain (e.g., developers.openai.com) and prevent arbitrary local file paths from being read unless they are explicitly whitelisted. | LLM | scripts/resolve-latest-model-info.js:34 |
Scan History
Embed Code
[](https://skillshield.io/report/e2ca4655c926de03)
Powered by SkillShield