flutter-scaffold
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to use shell commands like mkdir and find to automate the creation of a Flutter feature's directory structure.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it interpolates user-provided data (the feature name) directly into a shell command template without validation or sanitization. • Ingestion points: The {feature} placeholder in the mkdir command in SKILL.md is populated by user input. • Boundary markers: No explicit delimiters or instructions are provided to the agent to sanitize or validate the feature name before execution. • Capability inventory: The skill leverages the agent's ability to execute shell commands for file system manipulation. • Sanitization: No input validation logic is present in the skill to prevent potential command injection via a maliciously crafted feature name.
Audit Metadata