okf-refactor

Pass

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from a source directory (notes, wikis, docs) and processes it into a new format. Malicious instructions embedded in these source files could potentially influence the agent's behavior during the refactor process.
  • Ingestion points: Files and directories provided as the <src> input.
  • Boundary markers: Absent. The instructions do not specify delimiters or warnings to ignore instructions found within the source content.
  • Capability inventory: The skill performs file system reads and writes, and executes a local validation script (validate_okf.py).
  • Sanitization: No explicit sanitization or filtering of the source content is mentioned.
  • [COMMAND_EXECUTION]: The skill invokes a local Python script (python ../okf/scripts/validate_okf.py <out>) to validate the generated output. This is a legitimate functional requirement for verifying that the refactored bundle conforms to the OKF specification.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 25, 2026, 04:44 PM
Security Audit — agent-trust-hub — okf-refactor