openai-responses
Build agentic AI with OpenAI Responses API - stateful conversations with preserved reasoning, built-in tools (Code Interpreter, File Search, Web Search), and MCP integration. Prevents 11 documented errors. Use when: building agents with persistent reasoning, using server-side tools, or migrating from Chat Completions/Assistants for better multi-turn performance.
75
72%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Advisory
Suggest reviewing before use
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/openai-responses/SKILL.mdSecurity
3 findings — 3 medium severity. This skill can be installed but you should review these findings before use.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 1.00). The skill explicitly uses the web_search tool (real-time web information) and MCP tool connections to arbitrary external server URLs—see SKILL.md "Built-in Tools" / references/built-in-tools-guide.md and the templates (templates/cloudflare-worker.ts, templates/mcp-integration.ts) where web_search and mcp server_url are invoked—and those third‑party results are consumed and used to drive responses and tool actions, creating a clear path for indirect prompt injection.
W012: Unverifiable external dependency detected (runtime URL that controls agent)
What this means
The skill fetches instructions or code from an external URL at runtime, and the fetched content directly controls the agent’s prompts or executes code. This dynamic dependency allows the external source to modify the agent’s behavior without any changes to the skill itself.
Why it was flagged
Potentially malicious external URL detected (high risk: 0.80). The skill's runtime examples explicitly pass MCP server URLs (e.g., https://mcp.stripe.com, https://dmcp.example.com, https://db-mcp.example.com) into openai.responses.create so the Responses API will query those servers for tool definitions and invoke their call endpoints at runtime, which can directly control agent tooling/behavior and execute remote actions.
W009: Direct money access capability detected (payment gateways, crypto, banking)
What this means
The skill is specifically designed for direct financial operations, giving the agent the ability to move money or execute financial transactions — such as payment processing, cryptocurrency operations, banking integrations, or market order execution.
Why it was flagged
Direct money access detected (high risk: 1.00). The skill explicitly documents MCP server integration with payment gateways, naming Stripe and providing a concrete example ("Get my Stripe balance") that uses an MCP server labeled 'stripe' with an authorization token. MCP is described as a built-in connector for external tools (Stripe, databases, custom APIs) and shows the flow for invoking those servers (including authorization and user approval). These are specific, non-generic references to a payment gateway API and an example of performing financial queries via that connector, which meets the criteria for Direct Financial Execution capability.
- Repository
- jezweb/claude-skills
- Commit
fa91c34
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.