okr-init

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE, PROMPT_INJECTION, NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface through its inbox processing feature.
      • Ingestion points: The instructions direct the agent to read all markdown files within the .okr/inbox/ directory to gather context (SKILL.md, Phase 0a).
      • Boundary markers: There are no specific delimiters or instructions to treat the content of these files as untrusted data or to ignore embedded instructions.
      • Capability inventory: The skill can write structured data to .okr/objective.md and .okr/resources.md, which could be influenced by malicious content in the inbox files (SKILL.md, Phase 7).
      • Sanitization: No automated sanitization is specified for the inbox content, although the requirement for user confirmation of the context summary acts as a manual control.
  • [NO_CODE]: The skill consists only of Markdown instructional and reference files. It does not include any Python, Node.js, or other executable scripts.
  • [SAFE]: The core logic of the skill is benign, focusing on OKR management with frequent checkpoints for user review. File operations are restricted to the local project's .okr/ directory, and no sensitive credential access or unauthorized network exfiltration patterns were detected.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 14, 2026, 02:38 AM