dx-expert
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (MEDIUM): The skill documentation instructs users to install via
npx skills add agustinoberg/dx-expert-skill, which executes code from a non-whitelisted registry or author. - Indirect Prompt Injection (LOW): The skill is designed to analyze and refactor user code, creating a potential surface for injection if that code is maliciously crafted.
- Ingestion points: User-provided React Native code (README.md).
- Boundary markers: None specified.
- Capability inventory: Modifies project structure and code logic.
- Sanitization: No sanitization of user input is described.
Audit Metadata