From 65d2531ec1fd50344f7ec62fb0565e5ed63da0a2 Mon Sep 17 00:00:00 2001
From: Simon de Vlieger <cmdr@supakeen.com>
Date: Tue, 14 May 2024 07:55:26 +0200
Subject: [PATCH] doc: security

Signed-off-by: Simon de Vlieger <cmdr@supakeen.com>
---
 doc/06-security.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/doc/06-security.md b/doc/06-security.md
index 8dbb2f9b..cb5e1dc1 100644
--- a/doc/06-security.md
+++ b/doc/06-security.md
@@ -1 +1,3 @@
 # Security
+
+`otk` assumes that any omnifest it processes comes from a trusted source. You should **NOT** run `otk` on an untrusted omnifest. The outputs produced by `otk` inherit the same trust level meaning that a malicious omnifest will produce a malicious output that should **NOT** be propagated to other programs.