okr-design

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE [NO_CODE] [PROMPT_INJECTION]
Full Analysis
  • [NO_CODE]: The skill is entirely composed of Markdown documentation, templates, and facilitation guides. No scripts, binaries, or configuration files that trigger code execution were found.
  • [PROMPT_INJECTION]: The skill configuration allows the use of the WebFetch and WebSearch tools, which serve as an ingestion point for untrusted external data and present an indirect prompt injection surface.
      • Ingestion points: The allowed-tools metadata in SKILL.md includes WebFetch and WebSearch.
      • Boundary markers: The skill does not implement delimiters or instructions to treat external content as data only.
      • Capability inventory: Available tools are limited to Read, Glob, Grep, WebFetch, and WebSearch. No high-risk execution capabilities like eval or subprocess are present.
      • Sanitization: The framework does not define validation or filtering for data retrieved via the web tools.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 07:24 PM