Skills
skills/dkod-io/dkod-plugin/dkod/Gen Agent Trust Hub

dkod

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes shell commands such as claude mcp add and export to configure the dkod MCP server and authentication tokens. These are used for initial setup and environment configuration.
  • [EXTERNAL_DOWNLOADS]: Configures and interacts with the dkod MCP server hosted at https://api.dkod.io/mcp. This external resource is owned by the skill vendor and is required for the parallel execution features.
  • [PROMPT_INJECTION]: The skill processes untrusted codebase data through tools like dk_file_read and dk_context, and has the capability to write changes back via dk_file_write and dk_push.
  • Ingestion points: dk_file_read and dk_context tools (documented in SKILL.md and references/mcp-workflow.md).
  • Boundary markers: Absent; no explicit instruction delimiters are mentioned for processing external code.
  • Capability inventory: dk_file_write, dk_merge, dk_push, and dk_submit allow for codebase modification and PR creation (documented in SKILL.md and references/mcp-workflow.md).
  • Sanitization: Absent; the skill performs AST-level structural analysis which does not validate against natural language instructions embedded in code comments or strings.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 12, 2026, 04:43 PM