okf-open-knowledge-format

Pass

Audited by Gen Agent Trust Hub on Jun 28, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes scripts/validate.sh, a bash script designed to check if local markdown files conform to the OKF specification. The script utilizes standard Unix utilities such as grep, sed, find, and head for pattern matching and text extraction from files within a specified directory.
  • [EXTERNAL_DOWNLOADS]: The documentation references and links to official tools and repositories hosted by the Google Cloud Platform organization on GitHub (github.com/GoogleCloudPlatform). These include the kcmd metadata management tool and a reference enrichment agent for automated OKF bundle generation.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to process and validate user-supplied markdown files, which represents a potential injection surface.
  • Ingestion points: Files within a directory tree processed for OKF conformance (described in SKILL.md and scripts/validate.sh).
  • Boundary markers: The specification (references/spec-v01.md) requires YAML frontmatter delimited by --- blocks to separate metadata from the content body.
  • Capability inventory: The skill performs file system reads/writes and executes a local validation script (scripts/validate.sh).
  • Sanitization: No explicit sanitization or filtering of external markdown content is defined; however, the format is intended for static knowledge representation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 28, 2026, 08:40 AM
Security Audit — agent-trust-hub — okf-open-knowledge-format