53 changes: 53 additions & 0 deletions skills/akf-trust-metadata/SKILL.md
@@ -0,0 +1,53 @@
---
name: akf-trust-metadata
description: >-
The AI native file format. EXIF for AI — stamps every file with trust scores,
source provenance, and compliance metadata. Use after creating or modifying
any file. Use before modifying existing files to check trust context.
globs:
- "**/*.md"
- "**/*.py"
- "**/*.ts"
- "**/*.js"
- "**/*.json"
- "**/*.yaml"
@cubic-dev-ai cubic-dev-ai bot Mar 27, 2026

P3: Glob list covers .yaml but omits .yml, so YAML files using the common .yml extension won’t trigger the skill.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At skills/akf-trust-metadata/SKILL.md, line 13:

<comment>Glob list covers .yaml but omits .yml, so YAML files using the common .yml extension won’t trigger the skill.</comment>

<file context>
@@ -0,0 +1,53 @@
+  - "**/*.ts"
+  - "**/*.js"
+  - "**/*.json"
+  - "**/*.yaml"
+  - "**/*.html"
+---
</file context>

- "**/*.html"
Comment on lines +7 to +14

P1 Overly broad globs trigger on nearly every file operation

The seven glob patterns combined (**/*.md, **/*.py, **/*.ts, **/*.js, **/*.json, **/*.yaml, **/*.html) cover almost every file a developer touches with Claude Code. This means the skill body—including the akf stamp <file> instruction—will be injected into Claude's context on virtually every file write or edit operation.

As a result, Claude will be prompted to run akf stamp (an external pip package authored by the PR submitter) after every single file modification in a user's project. This is far more invasive than the skill description suggests and goes well beyond the use case of "AI-native metadata".

Compare this with existing curated skills that either omit globs entirely (relying on the description to trigger loading) or use tightly-scoped patterns. Broad globs like these should be scoped to specific contexts where the skill adds genuine value, not to every common file type.

---
Comment on lines +1 to +15

P2 Missing required origin frontmatter field

The curated skill template defined in CONTRIBUTING.md requires an origin field in the YAML frontmatter (e.g., origin: ECC or origin: community). This field is also used by the validator (scripts/ci/validate-skills.js) and referenced in the skill placement policy (docs/SKILL-PLACEMENT-POLICY.md). All existing curated skills in the repo include it (e.g., security-review/SKILL.md, coding-standards/SKILL.md).

Suggested change
---
name: akf-trust-metadata
description: >-
The AI native file format. EXIF for AI — stamps every file with trust scores,
source provenance, and compliance metadata. Use after creating or modifying
any file. Use before modifying existing files to check trust context.
globs:
- "**/*.md"
- "**/*.py"
- "**/*.ts"
- "**/*.js"
- "**/*.json"
- "**/*.yaml"
- "**/*.html"
---
---
name: akf-trust-metadata
description: >-
The AI native file format. EXIF for AI — stamps every file with trust scores,
source provenance, and compliance metadata. Use after creating or modifying
any file. Use before modifying existing files to check trust context.
origin: community
globs:
- "**/*.md"
- "**/*.py"
- "**/*.ts"
- "**/*.js"
- "**/*.json"
- "**/*.yaml"
- "**/*.html"
---


# AKF — The AI Native File Format

Every photo has EXIF. Every song has ID3. AKF is the native metadata format for AI-generated content.

## After creating or modifying files

```bash
akf stamp <file> --agent claude-code --evidence "<what you did>"
```

## Before modifying existing files

```bash
akf read <file>
akf inspect <file>
```

## Compliance auditing

```bash
akf audit <file> --regulation eu_ai_act
akf audit <file> --regulation hipaa
akf audit <file> --regulation sox
```

## Classification

- --label confidential for finance/secret/internal paths
- --label public for README, docs, examples

## Install

```bash
pip install akf
```
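
Review bot: In the "After creating or modifying files" block, `--evidence "<what you did>"` places agent-written free text inside a double-quoted shell argument, where `$(...)`, backticks and `$VAR` are still expanded, so a summary that echoes file content or task text can execute commands or copy environment values into the stamp. Suggest instructing the agent to pass the evidence single-quoted with embedded quotes escaped, or to limit it to a short fixed phrase. Separately, the Install block's `pip install akf` is unpinned; pin an exact version (`pip install akf==<version>`, placeholder) so a later release is not picked up silently.
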
Comment on lines +47 to +51

P1 Skill instructs users to install an unvetted third-party package authored by the PR submitter

The skill's primary actionable guidance is to pip install akf and then run akf stamp after every file operation. The akf package and the linked GitHub repository (https://github.com/HMAKT99/AKF) are authored by HMAKT99, which is the same GitHub account as the PR author.

This raises two concerns:

  1. Undisclosed conflict of interest: The PR introduces a skill whose sole purpose is to drive adoption of the author's own pip package. The contribution guidelines (CONTRIBUTING.md) explicitly say to avoid contributions that are promotional in nature and lack clear, standalone utility as a workflow skill.

  2. Supply-chain risk: Embedding an instruction to pip install and run an external package on every file write introduces a dependency on an external tool that has not been vetted by this repository's maintainers. If the package is updated maliciously or unexpectedly, all users who installed this skill are affected.

The skill should either be decoupled from the external package (demonstrating the concept inline without requiring akf) or the conflict of interest should be disclosed and the package should go through appropriate vetting before being recommended to all ECC users.

Comment on lines +21 to +51

🛠️ Refactor suggestion | 🟠 Major

Add the required canonical skill sections (When to Use, How It Works, Examples).

This skill doc currently uses custom headings, but the required sections are missing. Please add those three headings (you can keep the current content under them). This keeps the skill consistent with repo conventions and tooling expectations.

As per coding guidelines: “skills/**/*.md: Skills must be formatted as Markdown files with clear sections including 'When to Use', 'How It Works', and 'Examples'.”

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@skills/akf-trust-metadata/SKILL.md` around lines 21 - 51, Update SKILL.md to
include the required canonical sections by adding the headings "When to Use",
"How It Works", and "Examples" and moving the existing relevant content under
each: place the guidance on when to run akf commands (e.g., "After creating or
modifying files" and "Before modifying existing files") under "When to Use",
move the usage snippets and compliance/audit/classification/Install details
under "How It Works", and include any command examples and sample invocations
under "Examples"; ensure the new headings exactly match "When to Use", "How It
Works", and "Examples" so tooling that validates skills
(skills/akf-trust-metadata/SKILL.md) recognizes them.


https://akf.dev | https://github.com/HMAKT99/AKF
Comment on lines +17 to +53

P2 Skill body does not follow the repository's required template structure

CONTRIBUTING.md defines the expected sections for a curated skill:

  • Core Concepts — key patterns and guidelines
  • Code Examples — practical, tested examples
  • Best Practices — actionable do's and don'ts
  • When to Use — scenarios where the skill applies

This skill has none of those sections. The current content is essentially an abbreviated CLI reference for the akf tool. Existing skills like security-review and coding-standards demonstrate the expected depth: they explain the underlying concepts, include concrete code samples, and give clear guidance on when to activate.

Without a "When to Use" or "Core Concepts" section, Claude has no principled way to understand why or when it should apply this skill beyond the broad glob matching discussed above.
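
The findings raised across this thread (missing `origin`, extension-wide globs, `.yaml` without `.yml`, no "When to Use" section, unpinned install) can be checked mechanically before a skill is merged. The following is an added example, not part of the PR and not the repository's `scripts/ci/validate-skills.js`; `parseSkill`, `lintSkill`, `BROAD_LIMIT`, the finding codes and the embedded sample are assumptions made for illustration.

```javascript
// SAMPLE is a constructed excerpt modelled on the frontmatter and body in the diff.
const SAMPLE = [
  '---',
  'name: akf-trust-metadata',
  'globs:',
  '  - "**/*.md"',
  '  - "**/*.py"',
  '  - "**/*.yaml"',
  '---',
  '# AKF',
  '## Install',
  'pip install akf',
].join('\n');

// Assumption: this many extension-wide globs counts as "overly broad".
const BROAD_LIMIT = 3;

// Split the frontmatter from the body; collect top-level keys and glob entries.
function parseSkill(text) {
  const m = /^---\n([\s\S]*?)\n---\n?([\s\S]*)$/.exec(text);
  if (!m) return { keys: [], globs: [], body: text };
  const keys = [], globs = [];
  let current = null;
  for (const line of m[1].split('\n')) {
    const key = /^([A-Za-z_][\w-]*):/.exec(line);
    const item = /^\s*-\s*["']?(.+?)["']?\s*$/.exec(line);
    if (key) { current = key[1]; keys.push(current); }
    else if (item && current === 'globs') globs.push(item[1]);
  }
  return { keys, globs, body: m[2] };
}

function lintSkill(text) {
  const { keys, globs, body } = parseSkill(text);
  const findings = [];
  if (!keys.includes('origin')) findings.push('missing-origin');
  // "**/*.ext" matches that extension anywhere in the project tree.
  const broad = globs.filter((g) => /^\*\*\/\*\.\w+$/.test(g));
  if (broad.length >= BROAD_LIMIT) findings.push('broad-globs:' + broad.length);
  if (globs.includes('**/*.yaml') && !globs.includes('**/*.yml')) findings.push('yaml-without-yml');
  if (!/^#{1,6}\s+When to Use\s*$/m.test(body)) findings.push('missing-when-to-use');
  for (const l of body.split('\n')) {
    // A bare package name with no ==version pin on the line.
    const p = /^\s*pip install\s+([A-Za-z0-9_.-]+)\s*$/.exec(l);
    if (p) findings.push('unpinned-install:' + p[1]);
  }
  return findings;
}
console.log(lintSkill(SAMPLE));
```

Each finding code corresponds to one review comment above, so a clean run returns an empty array.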