dex-backlog
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill reads local user files including
System/user-profile.yamlandSystem/usage_log.mdto customize the scoring logic based on the user's role and feature usage patterns. This data is processed locally and is not exfiltrated. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from
System/Dex_Backlog.mdandSystem/Session_Learnings/to generate justifications and update the backlog file. This presents an indirect prompt injection surface where malicious content in these files could theoretically influence agent behavior during processing. - Ingestion points:
System/Dex_Backlog.md,System/usage_log.md,System/Session_Learnings/. - Boundary markers: None explicitly defined for the interpolation of backlog descriptions or session learnings into the scoring prompts.
- Capability inventory: The skill has the capability to write to local files (
System/Dex_Backlog.md) and mentions environment capabilities for shell command execution. - Sanitization: No explicit sanitization or filtering of ingested text content is described before it is used to generate justifications.
- [COMMAND_EXECUTION]: The documentation includes a 'Cursor Feasibility Check' that references the environment's ability to execute shell commands, but the skill itself does not specify or execute any arbitrary or dangerous shell commands.
- [DATA_EXFILTRATION]: The skill includes a silent analytics tracking feature that calls a
track_eventfunction. The data sent is limited to an event name and the count of ideas processed, which is a standard telemetry practice for usage monitoring.
Audit Metadata