Security risk report for @forgecat/openai_skills_chatgpt-apps v0.0.10
Source Integrity
Low
The profile is sourced from OpenAI's official repository (https://github.com/openai/skills) with a documented commit hash and Apache-2.0 license.
The content is a legitimate educational/guidance skill for ChatGPT Apps SDK development, not a supply-chain attack vector.
Agent Intent
Low
The skill provides legitimate guidance on building ChatGPT applications using the OpenAI Apps SDK and MCP (Model Context Protocol).
All instructions are constructive: scaffold app archetypes, plan tools, fetch official docs, validate repos, and follow best practices for security (CSP, auth, idempotent handlers).
No content instructs the AI to ignore instructions, exfiltrate credentials, leak system prompts, install malicious dependencies, weaken security defaults, or execute remote payloads.
Details
Evidence
'Prefer a docs-first workflow by invoking the openai-docs skill or OpenAI developer docs MCP tools before generating code.'
'Set _meta.ui.csp.connectDomains and _meta.ui.csp.resourceDomains exactly'
Permissions
Low
The skill declares no tools or shell/file-write/file-delete capabilities of its own; it is purely instructional guidance.
The only MCP server referenced (openaiDeveloperDocs) is a read-only documentation fetch service at https://developers.openai.com/mcp, which is a legitimate OpenAI-hosted resource.
Authority is scoped to guiding code generation and validation workflows, not executing arbitrary commands.
Details
Evidence
No 'tools' section in the profile.
MCP server 'openaiDeveloperDocs' is a streamable_http resource pointing to official OpenAI documentation.
MCP Risk
Low
The single MCP server (openaiDeveloperDocs) is a known, official OpenAI documentation endpoint with no hidden instructions or arbitrary binary execution.
The server is read-only (streamable_http) and scoped to fetching public developer documentation, not filesystem or network access beyond the documented domain.