Skills
skills/davekilleen/dex/dex-update/Gen Agent Trust Hub

dex-update

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads update packages and repository data from the author's GitHub repository at github.com/davekilleen/dex.
  • [REMOTE_CODE_EXECUTION]: After fetching updates, the skill automatically executes shell scripts located within the downloaded content, such as migration scripts in core/migrations/ and an automation installer in .scripts/meeting-intel/.
  • [COMMAND_EXECUTION]: The skill uses the command line to perform Git operations (fetch, merge, tag), manage Node.js and Python dependencies (npm install, pip install), and configure background services using macOS launchctl.
  • [DATA_EXFILTRATION]: The skill accesses sensitive local files including .env, project configuration files (.mcp.json, user-profile.yaml), and third-party application data (Granola cache) to ensure feature continuity and perform necessary data migrations during the update process.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 12:41 AM
Security Audit — agent-trust-hub — dex-update