dexter

Fail

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill clones source code from an unverified external GitHub repository (https://github.com/virattt/dexter.git). The repository owner is not a trusted vendor and does not match the skill's author (sundial-org).
  • [EXTERNAL_DOWNLOADS]: The installation process executes bun install, which downloads and installs third-party dependencies from the NPM registry. The security of these packages depends entirely on the unvetted configuration of the external repository.
  • [REMOTE_CODE_EXECUTION]: The skill executes the downloaded code via bun start and a dynamically generated runner (query.ts). Running unverified code from an external source is a high-risk operation that could lead to full system compromise.
  • [COMMAND_EXECUTION]: The skill uses sed to patch source code files (src/agent/tool-executor.ts) at runtime. This capability to modify the agent's logic before execution could be used to inject malicious behavior.
  • [COMMAND_EXECUTION]: The skill dynamically generates a TypeScript script (query.ts) using cat and executes it immediately using the bun runtime.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted data from web search results (Tavily) and public SEC filings. There are no explicit instructions for sanitizing this data or using boundary markers to prevent the agent from obeying instructions embedded in the processed documents.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 24, 2026, 12:25 AM