skills/datex/skills/function-creator/Gen Agent Trust Hub

function-creator

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the vendor-provided dxs CLI tool to perform lifecycle operations such as generating, validating, and uploading function configurations.
  • [EXTERNAL_DOWNLOADS]: The skill fetches existing function source code and configuration metadata from the Datex Studio platform using the dxs function get command.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from existing function code and external requirements briefs produced by the requirements-gathering skill. This data is processed by the agent to generate new TypeScript code and CLI commands, representing an indirect prompt injection surface.
      • Ingestion points: Existing code extracted from the platform (Phase 1) and the requirements brief in the conversation context.
      • Boundary markers: No specific delimiters or "ignore instructions" markers are used when interpolating external content into the workflow.
      • Capability inventory: The skill has the ability to execute shell commands (dxs), write to the local file system (temporary .ts and .json files), and upload code to the platform (dxs function upsert).
      • Sanitization: No explicit validation or sanitization of the ingested code or requirements is performed before they are used to influence agent output.
Audit Metadata
  Risk Level: SAFE
  Analyzed: May 19, 2026, 07:36 PM