validate
Warn
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill interpolates user-controlled input (`$ARGUMENTS`) directly into shell commands within `SKILL.md`. This pattern is vulnerable to command injection if shell metacharacters (e.g., `;`, `&&`, `|`) are included in the arguments passed to the skill.
- [EXTERNAL_DOWNLOADS]: The skill includes a fallback routine to install the `pyyaml` library from the Python Package Index (PyPI) at runtime using `pip install`. While `pyyaml` is a well-known package, installing dependencies from public registries introduces a dependency on external infrastructure and package integrity.
- [PROMPT_INJECTION]: The skill analyzes the content of markdown files in a user-specified directory, presenting a surface for indirect prompt injection where malicious files could attempt to influence the agent's behavior.
  - Ingestion points: The `scripts/okf_validate.py` script reads and parses the content of all `.md` files within the provided bundle directory.
  - Boundary markers: The skill instructions lack explicit delimiters or warnings to the agent to ignore instructions that may be embedded within the files being validated.
  - Capability inventory: The skill is configured to use the `Bash` tool for command execution.
  - Sanitization: The validation script uses `yaml.safe_load()` for YAML parsing, but it returns file contents and metadata values (e.g., error messages containing file data) to the agent without sanitization or escaping.
Audit Metadata