okf-open-knowledge-format
Pass
Audited by Gen Agent Trust Hub on Jun 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill includes `scripts/validate.sh`, a bash script designed to check if local markdown files conform to the OKF specification. The script utilizes standard Unix utilities such as `grep`, `sed`, `find`, and `head` for pattern matching and text extraction from files within a specified directory.
- [EXTERNAL_DOWNLOADS]: The documentation references and links to official tools and repositories hosted by the Google Cloud Platform organization on GitHub (`github.com/GoogleCloudPlatform`). These include the `kcmd` metadata management tool and a reference enrichment agent for automated OKF bundle generation.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to process and validate user-supplied markdown files, which represents a potential injection surface.
  - Ingestion points: Files within a directory tree processed for OKF conformance (described in `SKILL.md` and `scripts/validate.sh`).
  - Boundary markers: The specification (`references/spec-v01.md`) requires YAML frontmatter delimited by `---` blocks to separate metadata from the content body.
  - Capability inventory: The skill performs file system reads/writes and executes a local validation script (`scripts/validate.sh`).
  - Sanitization: No explicit sanitization or filtering of external markdown content is defined; however, the format is intended for static knowledge representation.
Audit Metadata