okf
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Node.js script, `okf-validate.mjs`, to verify the conformance of knowledge bundles. The script is provided as part of the skill and utilizes standard Node.js libraries (`node:fs`, `node:path`) to perform read-only scans of markdown files.
- [EXTERNAL_DOWNLOADS]: The `enrich` and `export` commands instruct the agent to fetch content from external URLs (e.g., via `/okf export <url>`) to generate documentation concepts. This process involves the ingestion of data from remote sources.
- [PROMPT_INJECTION]: The ingestion of untrusted web content creates an indirect prompt injection surface, where malicious instructions embedded in a target webpage could attempt to influence the agent's behavior during the transformation process. The skill provides mitigation guidance by instructing the agent to summarize and transform the content into structural markdown rather than performing a raw data scrape.
  - Ingestion points: External content fetched via the `enrich` and `export` commands described in `commands.md`.
  - Boundary markers: Specific structural headings (# Schema, # Examples, # Citations) and YAML frontmatter requirements defined in `spec.md` and `templates.md`.
  - Capability inventory: File system read/write access for bundle management (demonstrated in `okf-validate.mjs`) and network tool access for fetching URLs (noted in `commands.md`).
  - Sanitization: Explicit instructions in `commands.md` to "Transform, do not paste" and to summarize rather than copy a third party's full text.