skills/hoangvantuan/objective-kit/okr/Gen Agent Trust Hub

okr

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The orchestrator reads and processes multiple local markdown files (e.g., .okr/objective.md, .okr/plan.md) to determine the system state. This creates a surface for indirect prompt injection if the files contain untrusted content.
      • Ingestion points: Project metadata and action files within the .okr/ directory.
      • Boundary markers: Not explicitly implemented; content is read directly into the execution context.
      • Capability inventory: File reading and dynamic invocation of sub-skill instruction files.
      • Sanitization: No sanitization or validation of the ingested markdown content is described.
  • [COMMAND_EXECUTION]: The orchestrator dynamically loads and executes the instructions of sub-skills (e.g., okr-init, okr-plan) by reading their respective SKILL.md files from the skills/ directory. While the sub-skills are selected from a predefined list, this pattern relies on the integrity of the local file system.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 14, 2026, 02:38 AM