Skills
skills/dessixio/skill/dessix-skill/Gen Agent Trust Hub

dessix-skill

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes content from local Dessix workspace blocks, creating an attack surface for indirect prompt injection.\n
  • Ingestion points: Untrusted content enters the agent context through the dessix_read_block, dessix_get_skill, and dessix_get_topic_context tools executed via scripts/dessix-bridge.mjs.\n
  • Boundary markers: Absent. The skill instructions in SKILL.md do not provide delimiters or warnings to treat block content as untrusted data.\n
  • Capability inventory: scripts/dessix-bridge.mjs facilitates reading, searching, and writing (creating, updating, deleting) blocks in the local Dessix application via net.createConnection.\n
  • Sanitization: Absent. No filtering or validation of the retrieved block content is performed by the bridge script or skill instructions.\n- [SAFE]: No data exfiltration detected. The bridge client communicates strictly with local endpoints, such as ~/.dessix/mcp/dessix-mcp-bridge.sock or \\\\.\\pipe\\dessix-mcp-bridge.\n- [SAFE]: No remote code execution or unverifiable dependencies were found. The skill uses a local script that relies exclusively on built-in Node.js modules.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 26, 2026, 02:00 PM