dx-optimizer
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local shell commands, including
git logand thejiraCLI, to gather activity data. This allows the agent to interact directly with the local development environment.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of untrusted external inputs.\n - Ingestion points: Activity data is collected from Git commit messages, Jira ticket titles/comments, Obsidian vault notes, and calendar events.\n
- Boundary markers: The AI prompt templates do not utilize delimiters or specific instructions to ignore malicious directives embedded within the processed data.\n
- Capability inventory: The system can read local files, access project management APIs, and publish to Slack.\n
- Sanitization: There is no evidence of sanitization or filtering of the ingested content before it is processed by the LLM.\n- [DATA_EXFILTRATION]: The skill reads sensitive information, such as commit history and private notes, and transmits it to external AI services and Slack. Users should ensure that these data flows align with their organization's security and privacy standards.
Audit Metadata