Security risk report for @forgecat/openai_skills_system-openai-docs v0.0.10
Source Integrity
Low
Profile metadata declares OpenAI as author with a GitHub repository link and Apache-2.0 license, consistent with legitimate open-source distribution.
MCP server URL points to official OpenAI developer domain (developers.openai.com), a known-safe, first-party source.
Agent Intent
INT-000Medium
The SKILL.md instructs the agent to autonomously attempt MCP server installation with escalated permissions before involving the user — 'immediately retry the same command with escalated permissions' — which is a self-expanding authority nudge beyond normal documentation assistance.
All other instructions are consistent with legitimate documentation retrieval: searching OpenAI docs, fetching pages, loading local reference files, and restricting web fallback to official OpenAI domains.
No credential harvesting, exfiltration, role-hijacking, or system-prompt leakage instructions were found; the escalated-permissions instruction is the only notable concern.
Details
Evidence
"If it fails due to permissions/sandboxing, immediately retry the same command with escalated permissions and include a 1-sentence justification for approval. Do not ask the user to run it yet." (SKILL.md, 'If MCP server is missing' section)
Permissions
Low
The profile declares no explicit tool permissions (no shell, file_write, file_delete, or other high-risk categories in the tool definitions).
The only external authority is the MCP server at developers.openai.com, which is scoped to OpenAI documentation retrieval and is appropriate for the stated purpose.
The skill's workflow is read-only: search and fetch operations on official OpenAI docs, with fallback to web search restricted to official OpenAI domains.
Details
Evidence
No declared tools in the profile.
MCP server 'openaiDeveloperDocs' at 'https://developers.openai.com/mcp' is a documentation-retrieval service.
Skill instructions: 'Always use MCP doc tools before any web search for OpenAI-related questions. When falling back to web search, restrict to official OpenAI domains.'
MCP Risk
MCP-000Medium
The MCP server points to https://developers.openai.com/mcp, which is a plausible official OpenAI endpoint, but it is an external host accessed over the network and its tool descriptions/responses are not auditable at install time.
No hidden instructions were found in the MCP server definition itself; the configuration is minimal (URL + transport type only).
External MCP servers can return arbitrary tool descriptions at runtime, so a degree of residual risk exists even for apparently legitimate endpoints.
Details
Evidence
{"openaiDeveloperDocs": {"url": "https://developers.openai.com/mcp"}} (MCP server config)