dex-skill
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute shell commands for installation (
npm install -g @getdex/cli), setup (mkdir,chmod,echo), and authentication (curl). It also maps MCP tools to a localdexCLI binary for managing CRM data. - [EXTERNAL_DOWNLOADS]: The skill facilitates the download and execution of external code by installing the official Dex CLI from npm and configuring an MCP server via
npx -y add-mcp https://mcp.getdex.com/mcp -y. These resources are hosted on the vendor's official infrastructure. - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection where malicious instructions could be embedded in CRM data.
- Ingestion points: Contact descriptions, interaction notes, and custom field values are retrieved from the external Dex database (e.g., via
dex_get_contactordex_list_notes) and presented to the agent. - Boundary markers: The skill does not define specific delimiters to isolate untrusted data retrieved from the API from the agent's instructions.
- Capability inventory: The agent has the ability to execute shell commands, perform network operations via
curl, and access local files (~/.dex/api-key). - Sanitization: There is no evidence of content sanitization or instruction-filtering for data retrieved from the contact records before it is processed by the agent.
Audit Metadata