dex-update

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and applies updates from the public GitHub repository (git fetch upstream / download https://github.com/davekilleen/dex/archive/refs/heads/main.zip) and reads upstream files (.mcp.json.example, System/usage_log.md, core/migrations, and install-automation.sh) as part of its workflow, which the agent parses and may execute/merge—allowing untrusted third-party content to materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches updates from the Dex GitHub repo (e.g., git fetch upstream from github.com/davekilleen/dex and the provided download URL https://github.com/davekilleen/dex/archive/refs/heads/main.zip) during runtime and then runs update/migration/install scripts from that fetched code, meaning remote content is fetched and executed and can directly control the agent's behavior.