olakai-new-project

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation includes instructions to install the Olakai CLI tool (olakai-cli) and associated SDKs (@olakai/sdk, olakai-sdk) from standard package registries (NPM and PyPI). These are standard dependencies provided by the author.
  • [COMMAND_EXECUTION]: The instructions contain multiple shell commands using the olakai CLI for resource management, such as creating agents, workflows, and KPIs.
  • [DATA_EXFILTRATION]: The skill demonstrates how to send agent telemetry, including prompts and responses, to the Olakai platform's monitoring API (app.olakai.ai). This is the core functionality of the platform.
  • [PROMPT_INJECTION]: The code examples illustrate the ingestion of untrusted user input (e.g., userPrompt, input_text) which is subsequently processed by an LLM. This creates a surface for indirect prompt injection. Evidence:
      1. Ingestion points: userPrompt (SKILL.md), input_text (SKILL.md).
      2. Boundary markers: None.
      3. Capability inventory: Shell command execution via CLI, network communication via SDK.
      4. Sanitization: None.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 05:56 PM