← Back to scan
File as GitHub Issue repo: openai/openai-cookbook

Push this scan report to openai/openai-cookbook

Click the green button below to open GitHub’s new-issue form, pre-filled with the report title, summary table, top findings, and an embedded score-card image. No authentication needed — you review on GitHub before submitting. Repobility is credited as the scanner.

Embedded score card image

This image will render at the top of the issue body. Hosted on Repobility, refreshes automatically after re-scans.

Repobility score card

Issue title

`self._state_key` used but never assigned in __init__

Curate findings to include

Pick exactly which findings appear in the issue body. By default the top 5 are included. Uncheck noise, check what matters.

Top 5 (default)
Severity Rule Title File:line
CRIT MINED107 [MINED107] Missing import: `html` used but not imported: The file uses `html.something(..… examples/agents_sdk/deployment_manager/…:98
CRIT MINED107 [MINED107] Missing import: `stat` used but not imported: The file uses `stat.something(..… examples/partners/macro_evals_for_agent…:2331
HIGH MINED110 [MINED110] Blocking call `input` inside async function `run_agent`: `input` is a synchron… examples/mcp/building-a-supply-chain-co…:70
HIGH MINED108 [MINED108] `self.get_state` used but never assigned in __init__: Method `should_continue_… examples/partners/agentic_governance_gu…:200
HIGH MINED108 [MINED108] `self._state_key` used but never assigned in __init__: Method `get_state` of c… examples/partners/agentic_governance_gu…:101
HIGH MINED108 [MINED108] `self._state_key` used but never assigned in __init__: Method `get_or_create_s… examples/partners/agentic_governance_gu…:89
HIGH MINED108 [MINED108] `self.calculate_gaps` used but never assigned in __init__: Method `determine_d… examples/partners/agentic_governance_gu…:38
HIGH MINED108 [MINED108] `self._update_threshold` used but never assigned in __init__: Method `run` of … examples/partners/agentic_governance_gu…:333
HIGH MINED108 [MINED108] `self._run_eval` used but never assigned in __init__: Method `run` of class `G… examples/partners/agentic_governance_gu…:347
HIGH MINED108 [MINED108] `self._save_config` used but never assigned in __init__: Method `run` of class… examples/partners/agentic_governance_gu…:344
HIGH MINED108 [MINED108] `self._run_eval` used but never assigned in __init__: Method `run` of class `G… examples/partners/agentic_governance_gu…:284
HIGH MINED108 [MINED108] `self._generate_report` used but never assigned in __init__: Method `run` of c… examples/partners/agentic_governance_gu…:388
HIGH MINED108 [MINED108] `self._save_config` used but never assigned in __init__: Method `run` of class… examples/partners/agentic_governance_gu…:384
HIGH MINED108 [MINED108] `self._get_tunable_guardrails` used but never assigned in __init__: Method `ru… examples/partners/agentic_governance_gu…:259
HIGH MINED108 [MINED108] `self._load_config` used but never assigned in __init__: Method `run` of class… examples/partners/agentic_governance_gu…:258
HIGH MINED108 [MINED108] `self._parse_metrics` used but never assigned in __init__: Method `_run_eval` … examples/partners/agentic_governance_gu…:189
HIGH MINED108 [MINED108] `self.read_str` used but never assigned in __init__: Method `parse_add_file` o… examples/gpt-5/apply_patch.py:211
HIGH MINED108 [MINED108] `self.is_done` used but never assigned in __init__: Method `parse_add_file` of… examples/gpt-5/apply_patch.py:208
HIGH MINED108 [MINED108] `self.read_str` used but never assigned in __init__: Method `parse_update_file… examples/gpt-5/apply_patch.py:159
HIGH MINED108 [MINED108] `self.is_done` used but never assigned in __init__: Method `parse_update_file`… examples/gpt-5/apply_patch.py:150
HIGH MINED108 [MINED108] `self.parse_add_file` used but never assigned in __init__: Method `parse` of c… examples/gpt-5/apply_patch.py:134
HIGH MINED108 [MINED108] `self.parse_update_file` used but never assigned in __init__: Method `parse` o… examples/gpt-5/apply_patch.py:115
HIGH MINED108 [MINED108] `self.read_str` used but never assigned in __init__: Method `parse` of class `… examples/gpt-5/apply_patch.py:111
HIGH MINED108 [MINED108] `self.startswith` used but never assigned in __init__: Method `parse` of class… examples/gpt-5/apply_patch.py:137
HIGH MINED108 [MINED108] `self.read_str` used but never assigned in __init__: Method `parse` of class `… examples/gpt-5/apply_patch.py:130
HIGH MINED108 [MINED108] `self.read_str` used but never assigned in __init__: Method `parse` of class `… examples/gpt-5/apply_patch.py:120
HIGH MINED108 [MINED108] `self.read_str` used but never assigned in __init__: Method `parse` of class `… examples/gpt-5/apply_patch.py:107
HIGH MINED108 [MINED108] `self.is_done` used but never assigned in __init__: Method `parse` of class `P… examples/gpt-5/apply_patch.py:106
HIGH SEC040 [SEC040] innerHTML XSS — template literal with server-supplied data: Setting .innerHTML w… examples/voice_solutions/realtime_trans…:12
HIGH SEC085 [SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived in… examples/object_oriented_agentic_approa…:55
HIGH SEC135 [SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint g… examples/mcp/building-a-supply-chain-co…:91
HIGH SEC128 [SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call … examples/voice_solutions/realtime_trans…:36
HIGH SEC128 [SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call … examples/partners/temporal_agents_with_…:184
HIGH SEC128 [SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call … examples/gpt-5/prompt-optimization-cook…:76
HIGH SEC103 [SEC103] LDAP injection — non-constant search filter: User input concatenated into an LDA… examples/gpt-5/prompt-optimization-cook…:125
HIGH MINED006 [MINED006] Overcatch Baseexception: except BaseException: ... — prevents Ctrl+C and Syste… examples/deep_research_api/how_to_build…:200
HIGH SEC078 [SEC078] Python: requests without timeout: requests.get/post without a timeout will hang … examples/agents_sdk/multi-agent-portfol…:119
HIGH SEC029 [SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTT… examples/evals/imagegen_evals/vision_ha…:14
HIGH SEC029 [SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTT… examples/evals/imagegen_evals/vision_ha…:35
HIGH SEC029 [SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTT… examples/agents_sdk/deployment_manager/…:219
HIGH MINED001 [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows e… examples/gpt-5/prompt-optimization-cook…:107
HIGH MINED001 [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows e… examples/agents_sdk/deployment_manager/…:187
HIGH MINED001 [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows e… examples/agents_sdk/deployment_manager/…:5
HIGH MINED004 [MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums). examples/voice_solutions/realtime_trans…:15
HIGH MINED004 [MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums). examples/agents_sdk/deployment_manager/…:18
HIGH SEC069 [SEC069] Dockerfile: no USER directive (runs as root): Container runs as root because no … examples/agents_sdk/deployment_manager/…:1
HIGH SEC016 [SEC016] LLM Prompt Injection — User Input in AI Prompt: User-supplied text is interpolat… examples/fine-tuned_qa/answers_with_ft.…:88
HIGH MINED112 [MINED112] FastAPI POST /api/traces/ingest has no auth: Handler `ingest_traces` is regist… examples/agents_sdk/deployment_manager/…:401
HIGH MINED112 [MINED112] FastAPI DELETE /api/deployments/<deployment_id> has no auth: Handler `remove_d… examples/agents_sdk/deployment_manager/…:280
HIGH MINED112 [MINED112] FastAPI POST /api/deployments/<deployment_id>/stop has no auth: Handler `stop_… examples/agents_sdk/deployment_manager/…:267
HIGH MINED112 [MINED112] FastAPI POST /api/deployments/<deployment_id>/start has no auth: Handler `star… examples/agents_sdk/deployment_manager/…:247
HIGH MINED112 [MINED112] FastAPI POST /api/deployments has no auth: Handler `create_deployment` is regi… examples/agents_sdk/deployment_manager/…:201
HIGH MINED112 [MINED112] FastAPI POST /api/projects/import has no auth: Handler `import_project` is reg… examples/agents_sdk/deployment_manager/…:135
HIGH MINED112 [MINED112] FastAPI POST /chat has no auth: Handler `chat_endpoint` is registered with rou… examples/mcp/building-a-supply-chain-co…:92
HIGH SEC013 [SEC013] Path Traversal — User Input in File Path: User-controlled input used in file pat… examples/agents_sdk/deployment_manager/…:106
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/gpt-5/prompt-optimization-cook…:40
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/gpt-5/prompt-optimization-cook…:42
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/gpt-5/prompt-optimization-cook…:27
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/gpt-5/prompt-optimization-cook…:10
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/gpt-5/prompt-optimization-cook…:36
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/gpt-5/prompt-optimization-cook…:36
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/gpt-5/prompt-optimization-cook…:44
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/gpt-5/prompt-optimization-cook…:25
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/gpt-5/prompt-optimization-cook…:35
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/gpt-5/prompt-optimization-cook…:21
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/gpt-5/prompt-optimization-cook…:26
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/gpt-5/prompt-optimization-cook…:26
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/gpt-5/prompt-optimization-cook…:30
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/partners/macro_evals_for_agent…:1100
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/partners/macro_evals_for_agent…:374
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/partners/macro_evals_for_agent…:51
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/partners/macro_evals_for_agent…:46
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/partners/macro_evals_for_agent…:41
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/partners/macro_evals_for_agent…:36
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/partners/macro_evals_for_agent…:27
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/partners/macro_evals_for_agent…:21
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/partners/macro_evals_for_agent…:15
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/partners/agentic_governance_gu…:200
MED MINED109 [MINED109] Mutable default argument in `cost_estimator` (list): `def cost_estimator(... =… examples/partners/model_selection_guide…:179
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/partners/temporal_agents_with_…:32
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/fine-tuned_qa/answers_with_ft.…:97
MED MINED109 [MINED109] Mutable default argument in `answer_question` (list): `def answer_question(...… examples/fine-tuned_qa/answers_with_ft.…:46
MED CFG006 [CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build art…
MED SEC012 [SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation all… examples/vector_databases/redis/nbutils…:30
MED SEC045 [SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … examples/object_oriented_agentic_approa…:55
MED SEC034 [SEC034] Log Injection / Log Forging — unsanitized user input in log: User input is logge… examples/object_oriented_agentic_approa…:62
MED SEC034 [SEC034] Log Injection / Log Forging — unsanitized user input in log: User input is logge… examples/object_oriented_agentic_approa…:56
MED SEC034 [SEC034] Log Injection / Log Forging — unsanitized user input in log: User input is logge… examples/mcp/building-a-supply-chain-co…:107
MED SEC136 [SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all excepti… examples/partners/temporal_agents_with_…:20
MED SEC136 [SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all excepti… examples/agents_sdk/deployment_manager/…:105
MED SEC068 [SEC068] Dockerfile: base image uses :latest or no tag: FROM uses :latest or no tag — bui… examples/agents_sdk/deployment_manager/…:1
MED AGT007 localStorage write failures are swallowed silently examples/agents_sdk/deployment_manager/…:324
MED SEC017 [SEC017] Unbounded Input to LLM/External API: User input is passed to an LLM or external … examples/fine-tuned_qa/answers_with_ft.…:88
MED AGT012 Agent control bridge may listen on a network interface without visible auth examples/agents_sdk/deployment_manager/…:246
LOW CFG003 [CFG003] Docker COPY Everything: Copying entire directory may include secrets and build a… examples/agents_sdk/deployment_manager/…:29
LOW SEC075 [SEC075] Dockerfile: no HEALTHCHECK: No HEALTHCHECK directive — orchestrators can't detec… examples/agents_sdk/deployment_manager/…:1
LOW COMP001 [COMP001] High cognitive complexity: Function `main` has cognitive complexity 9 (SonarSou… examples/agents_sdk/deployment_manager/…:20
LOW COMP001 [COMP001] High cognitive complexity: Function `inspect_project` has cognitive complexity … examples/agents_sdk/deployment_manager/…:66
LOW COMP001 [COMP001] High cognitive complexity: Function `main` has cognitive complexity 9 (SonarSou… .github/scripts/check_notebooks.py:36
INFO MINED045 [MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError … examples/voice_solutions/realtime_trans…:25
INFO MINED043 [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… examples/voice_solutions/realtime_trans…:255
INFO MINED052 [MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety. examples/voice_solutions/one_way_transl…:17
INFO MINED056 [MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re… examples/voice_solutions/realtime_trans…:51
INFO MINED056 [MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re… examples/voice_solutions/one_way_transl…:275
INFO MINED056 [MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re… examples/mcp/building-a-supply-chain-co…:67
INFO MINED064 [MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services. examples/mcp/building-a-supply-chain-co…:70
INFO MINED064 [MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services. examples/gpt-5/prompt-optimization-cook…:22
INFO MINED062 [MINED062] Python Dataclass No Fields: @dataclass over an empty class — unfinished model. examples/evals/imagegen_evals/vision_ha…:11
INFO MINED062 [MINED062] Python Dataclass No Fields: @dataclass over an empty class — unfinished model. examples/evals/imagegen_evals/vision_ha…:8
INFO MINED062 [MINED062] Python Dataclass No Fields: @dataclass over an empty class — unfinished model. examples/evals/imagegen_evals/vision_ha…:83
INFO MINED044 [MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger … examples/voice_solutions/one_way_transl…:8
INFO MINED044 [MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger … examples/chatgpt/sharepoint_azure_funct…:43
INFO MINED044 [MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger … examples/chatgpt/sharepoint_azure_funct…:42
INFO MINED067 [MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang f… examples/agents_sdk/multi-agent-portfol…:119
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… examples/agents_sdk/deployment_manager/…:188
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… examples/agents_sdk/deployment_manager/…:6
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… examples/agents_sdk/deployment_manager/…:107
INFO MINED055 [MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versi… examples/agents_sdk/deployment_manager/…:27
Reset to top 5 118 findings available (after auto-suppression of test files + won't-fix)

Issue body (markdown)

## Code-quality scan: `openai/openai-cookbook`

**Score: 71/100 (B)**  ·  122 findings  ·  scanned 2026-06-05 07:58 UTC  ·  42,602 LOC

| Severity | Count |
|---|---|
| CRITICAL | 2 |
| HIGH | 53 |
| MEDIUM | 39 |
| LOW | 5 |

📊 [Full filterable report](https://repobility.com/scan/6a2dfe00-37c2-4b75-98eb-a6540405a8bf/)  ·  ![scorecard](https://repobility.com/scan/6a2dfe00-37c2-4b75-98eb-a6540405a8bf/report.png?v=1780646289-s2)

### Top findings

1. **CRITICAL** `MINED107` — Missing import: `html` used but not imported
   `examples/agents_sdk/deployment_manager/app/main.py:98` · ✓ Repobility
2. **CRITICAL** `MINED107` — Missing import: `stat` used but not imported
   `examples/partners/macro_evals_for_agentic_systems/helpers/macro_eval_pipeline.py:2331` · ✓ Repobility
3. **HIGH** `MINED110` — Blocking call `input` inside async function `run_agent`
   `examples/mcp/building-a-supply-chain-copilot-with-agent-sdk-and-databricks-mcp/main.py:70` · ✓ Repobility
4. **HIGH** `MINED108` — `self.get_state` used but never assigned in __init__
   `examples/partners/agentic_governance_guide/guardrail_tuner/threshold_adjuster.py:200` · ✓ Repobility
5. **HIGH** `MINED108` — `self._state_key` used but never assigned in __init__
   `examples/partners/agentic_governance_guide/guardrail_tuner/threshold_adjuster.py:101` · ✓ Repobility

---

_Filed automatically. Close this issue if not useful — we won't refile. Full report: https://repobility.com/scan/6a2dfe00-37c2-4b75-98eb-a6540405a8bf/_
Already filed
'openai' is on the known-megaproject org list. These projects use auto-triage bots and established security disclosure channels. Unsolicited automated issues from Repobility would be perceived as AI-generated spam. For security findings, follow the project's SECURITY.md policy. For non-security findings, open a focused PR or community discussion instead.
Megaproject â high spam risk
Could not determine 'openai/openai-cookbook' star count (GitHub API rate-limited or unreachable). When in doubt about repo size, prefer opening a focused PR or a discussion rather than an issue.
Already filed
126/133 findings (95%) on this scan are already flagged as test-file, won't-fix, or suppressed. The scan is too noisy to file as a single issue. Curate down to specific actionable findings, or address the FP source first.
Cancel

The button opens GitHubâs new-issue page in a new tab. You will see the title + body pre-filled â review, edit if you want, then click GitHubâs "Submit new issue" button. Repobility never posts anything on your behalf.

For real security findings on big repos: use the project's SECURITY.md or private advisory flow instead of a public issue.