okf
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The
scripts/install.shutility automates the installation of dependencies and the skill itself using standard system commands. It also uses a Python heredoc to perform local bundle validation. - [EXTERNAL_DOWNLOADS]: The installer fetches the
pyyamllibrary from official package registries and usesnpx skillsto download the skill components from the author's public repository. - [REMOTE_CODE_EXECUTION]: The skill provides Python examples for consuming OKF data that use
yaml.safe_load(), following best practices for safely processing external content. - [PROMPT_INJECTION]: While the skill is designed to process external Markdown files, which could serve as an indirect prompt injection surface, it provides specific documentation and validation logic to mitigate risks associated with untrusted data ingestion.
Audit Metadata