dexter
Warn
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Clones source code from a third-party GitHub repository (github.com/virattt/dexter.git) that is not listed as a trusted vendor.
- [REMOTE_CODE_EXECUTION]: Executes 'bun install' and runs the application using 'bun', which results in the execution of unvetted third-party code.
- [COMMAND_EXECUTION]: Uses 'sed' for automated source code modification and dynamically generates TypeScript wrapper scripts (query.ts) for execution.
- [PROMPT_INJECTION]: The agent processes untrusted data from web searches and financial filings, creating a surface for indirect prompt injection.
  - Ingestion points: Web search results via Tavily and SEC filing data via Financial Datasets API.
  - Boundary markers: No explicit markers or 'ignore' instructions are provided in the query wrapper.
  - Capability inventory: File system writing, network API calls, and shell execution via bun.
  - Sanitization: No evidence of sanitization or validation of the external content before synthesis.
Audit Metadata