dx-optimizer
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were detected. The skill is composed of purely instructional content and descriptive JSON files for tracking progress and querying context.
- [NO_CODE]: The skill does not contain any executable scripts (Python, JavaScript, shell) or external binary files, which eliminates risks associated with remote code execution or malicious logic in code.
- [PROMPT_INJECTION]: The instructions in SKILL.md strictly define the agent's role as a DX optimizer. There are no attempts to bypass safety guardrails, override platform instructions, or hide malicious commands.
- [DATA_EXFILTRATION]: No hardcoded credentials, API keys, or instructions to access sensitive local files (like SSH keys or environment variables) were found. The skill does not perform any network operations to non-whitelisted domains.
- [INDIRECT_PROMPT_INJECTION]: While the skill implies processing external data like 'developer feedback' or 'build metrics', it does not specify any tools or commands that would execute instructions embedded in that data. The potential for indirect injection is naturally limited as the skill lacks execution capabilities.
- [OBFUSCATION]: All content is in plain text or standard JSON format. No encoded strings (Base64), zero-width characters, or homoglyphs were detected.
Audit Metadata