e2e-testing
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill references an external GitHub organization 'ai-dashboad' (likely a typo for 'ai-dashboard') and an npm package 'flutter-skill'. This organization is not on the Trusted External Sources list. The instructions suggest downloading binaries from GitHub Releases, which bypasses package registry safety checks.
- [COMMAND_EXECUTION] (MEDIUM): The 'flutter-skill init' command is described as 'auto-detects project type and patches your app with the testing bridge.' This involves automated local code modification which could be used to inject malicious logic into the user's software projects.
- [DATA_EXFILTRATION] (LOW): The skill provides the agent with high-privilege access tools including 'screenshot', 'get_logs', and 'get_text'. This exposes sensitive data (API keys, PII, session tokens) displayed in the UI or printed to console logs to the AI agent and the external MCP server.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill has a significant attack surface for indirect prompt injection.
- Ingestion points: UI text via 'get_text', element labels via 'inspect_interactive', and application logs via 'get_logs'.
- Boundary markers: None mentioned in the skill documentation to separate application data from agent instructions.
- Capability inventory: The agent can perform 'tap', 'enter_text', 'clear_logs', and 'press_key' actions.
- Sanitization: No evidence of sanitization for UI content or logs before they are processed by the agent.
Audit Metadata