dx-doctor
Checks the health of dx workflow files and installed plugins, providing a status report for diagnostics.
Install this skill
or
74/100
Security score
The dx-doctor skill was audited on Apr 6, 2026 and we found 6 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 333
Webhook reference - potential data exfiltration
SourceSKILL.md
| 333 | - `full-hub`: all pipelines + Lambda + storage + monitoring + apiGateway + webhooks |
medium line 334
Webhook reference - potential data exfiltration
SourceSKILL.md
| 334 | - `consumer`: `pr-review`, `pr-answer`, `eval`, `devagent`, `bugfix`, `dod-fix` pipeline entries + `webhooks.pr-answer` (consumers need their own repo-scoped PR Answer hook) |
medium line 336
Webhook reference - potential data exfiltration
SourceSKILL.md
| 336 | - **Relevant to profile** (pipeline ID or config for an expected agent, or `webhooks.pr-answer` for consumers) → `⚠ unresolved` |
medium line 337
Webhook reference - potential data exfiltration
SourceSKILL.md
| 337 | - **Hub-only** (pipeline ID or config for agents NOT expected in this profile, or Lambda/storage/monitoring/apiGateway sections, or WI webhook entries for consumers) → `— hub-only (not applicable for |
medium line 342
Webhook reference - potential data exfiltration
SourceSKILL.md
| 342 | 5. **Legacy detection:** If profile is `consumer` but infra.json contains `lambdas`, `storage`, `monitoring`, or `apiGateway` sections → `⚠ infra.json contains hub-only sections (likely initialized wi |
low line 112
External URL reference
SourceSKILL.md
| 112 | Plugin documentation is public at https://easingthemes.github.io/dx-aem-flow/ |
Scanned on Apr 6, 2026
View Security Dashboard