Security risk report for @forgecat/openai_skills_openai-docs v0.0.10
Source Integrity
Low
Profile is sourced from OpenAI's official repository (github.com/openai/skills) with Apache-2.0 license and clear attribution.
Commit hash and timestamp provided; no obfuscation or supply-chain red flags detected.
Agent Intent
Low
Content describes legitimate OpenAI documentation lookup and model-upgrade guidance; no instructions to ignore system prompts, exfiltrate credentials, or execute remote payloads.
Reference files (gpt-5p4-prompting-guide.md, upgrading-to-gpt-5p4.md, latest-model.md) provide educational prompt-rewriting patterns and upgrade workflows; they document best practices, not malicious instructions.
Skill explicitly prioritizes OpenAI's official docs as source of truth and instructs verification against current docs before repeating recommendations—this is defensive, not manipulative.
Details
Evidence
"Treat OpenAI docs as the source of truth; avoid speculation."
"Every recommendation here must be verified against current OpenAI docs before it is repeated to a user."
"If this file conflicts with current docs, the docs win."
Permissions
PRM-000Medium
No shell, file_write, file_delete, or other high-risk tool categories are declared; the profile relies on MCP doc-search tools scoped to OpenAI documentation.
The instruction to self-escalate permissions when installing the MCP server represents authority slightly broader than a pure documentation-lookup skill warrants.
Web fallback is explicitly restricted to official OpenAI domains, which limits browsing scope appropriately.
Details
Evidence
"immediately retry the same command with escalated permissions" (SKILL.md)
"restrict any fallback browsing to official OpenAI domains" (description and SKILL.md Tooling notes)
MCP Risk
MCP-000Medium
The MCP server points to https://developers.openai.com/mcp, which is a plausible official OpenAI endpoint, but it is an external host whose content and tool definitions are not auditable at install time.
No hidden instructions were found in the MCP server definition itself; the configuration is minimal (URL + streamable_http transport only).
External MCP servers can return arbitrary tool descriptions at runtime, so a degree of trust is placed in the remote host remaining under OpenAI's control.
Details
Evidence
{"openaiDeveloperDocs": {"url": "https://developers.openai.com/mcp"}} (MCP server config)