skills/akillness/jeo-skills/okf/Gen Agent Trust Hub

okf

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/install.sh utility automates the installation of dependencies and the skill itself using standard system commands. It also uses a Python heredoc to perform local bundle validation.
  • [EXTERNAL_DOWNLOADS]: The installer fetches the pyyaml library from official package registries and uses npx skills to download the skill components from the author's public repository.
  • [REMOTE_CODE_EXECUTION]: The skill provides Python examples for consuming OKF data that use yaml.safe_load(), following best practices for safely processing external content.
  • [PROMPT_INJECTION]: While the skill is designed to process external Markdown files, which could serve as an indirect prompt injection surface, it provides specific documentation and validation logic to mitigate risks associated with untrusted data ingestion.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 02:00 AM
Security Audit — agent-trust-hub — okf