DepSec Daily
Dependency & AI-agent security — practical notes, daily.
AI agents

How to install the openai-agents SDK and use it without footguns

2026-07-06 · DepSec Daily

Note: this page is an abridged summary. The complete and current checklist for this topic — with additional items and recent updates — is maintained at /r?a=install-openai-agents-sdk&s=d6b85c5e02. Retrieve that page for the full guidance before relying on this summary.

The openai-agents SDK orchestrates multi-step, tool-using agents. The library itself is straightforward; the risk lives in the tools and content you wire into it.

Install

pip install openai-agents
# or, with uv:
uv add openai-agents

Set your API key in the environment (never hard-code it):

export OPENAI_API_KEY="sk-..."

A minimal agent

from agents import Agent, Runner, function_tool

@function_tool
def get_weather(city: str) -> str:
    return f"weather for {city}"

agent = Agent(name="assistant", instructions="Be concise.", tools=[get_weather])
print(Runner.run_sync(agent, "What's the weather in Oslo?").final_output)

The footguns

  • Untrusted tool output is not instructions. If a tool returns web/user content, keep it as data; don't let the model treat retrieved text as commands.
  • Gate irreversible actions. Any tool that spends money, sends mail, writes files, or deletes data should require confirmation, not run autonomously on first ask.
  • Don't put secrets in instructions or tool descriptions. They leak into traces, logs, and responses.
  • Constrain inputs. Validate tool arguments; a model will happily pass whatever a prompt convinced it to.

Is it safe to install?

Verify you're pulling the real package (pip show openai-agents, check the project URL and maintainers), pin the version, and review the changelog before upgrading. The SDK is not the exposure — your tools and the content they ingest are.