dex
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes `npx @zeeg/dex` to execute the task management tool if it is not already installed in the environment's PATH. This command fetches the package from the standard NPM registry.
- [COMMAND_EXECUTION]: The skill functions by executing various `dex` CLI commands (e.g., `create`, `list`, `complete`, `show`) to manage task state and local files.
- [PROMPT_INJECTION]: The skill ingests and displays task content (names, descriptions, and results) which may originate from untrusted sources or previous sessions (Indirect Prompt Injection).
  - Ingestion points: Task data is retrieved from local JSON files in the `.dex/tasks/` directory through commands like `dex show <id> --full` and `dex list` (SKILL.md, cli-reference.md).
  - Boundary markers: The skill does not implement explicit delimiters or warnings to isolate ingested task content from instructions.
  - Capability inventory: The skill possesses capabilities for shell command execution and local file system access.
  - Sanitization: No specific sanitization or validation logic is observed for the content of tasks before they are presented to the agent.
Audit Metadata