Security risk report for @forgecat/openai_skills_sora v0.0.10
Source Integrity
Low
Profile is attributed to OpenAI with a public GitHub repository link and Apache-2.0 license.
Metadata includes a specific commit hash and timestamp, supporting verifiable provenance.
Agent Intent
Low
Content describes legitimate Sora video generation workflows (create, edit, extend, download) with no instructions to manipulate the AI, read credentials, or exfiltrate data.
Guidance on prompt augmentation, character continuity, and cinematic templates is educational and security-aware (e.g., guardrails against copyrighted content, real people, and human faces).
No system prompt leakage, role hijacking, or malicious knowledge poisoning detected; all instructions align with the stated purpose of video generation.
Details
Evidence
'Never ask the user to paste the full key in chat. Ask them to set it locally and confirm when ready.'
'Guardrails (must enforce): Only content suitable for audiences under 18. No copyrighted characters or copyrighted music. No real people (including public figures).'
Permissions
Low
The profile declares no tools or MCP servers; it is purely instructional markdown for a Sora video generation skill.
Guidance references a bundled CLI script (scripts/sora.py) for deterministic runs, but does not request file_write, file_delete, or shell execution beyond the documented CLI interface.
Network access is scoped to the OpenAI Video API and is explicitly documented as requiring user approval in sandbox environments.
Details
Evidence
'Prefer the bundled CLI and never modify scripts/sora.py unless the user asks.'
'In many Codex setups, network access is disabled by default (especially under stricter sandbox modes), and/or the approval policy may require confirmation before networked commands run.'
MCP Risk
Low
No MCP servers are defined in the profile.
The profile is a markdown-based skill with no hidden tool definitions or binary execution directives.