flutter-skill-testing
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION
Full Analysis
- UNVERIFIABLE DEPENDENCIES (HIGH): The skill requires global installation of 'flutter-skill' from NPM. The author account 'ai-dashboad' is not a trusted source and the name is a suspected typosquat of 'dashboard', indicating a high risk of a supply chain attack or malicious code inclusion.
- COMMAND EXECUTION (HIGH): The skill documentation explicitly instructs users to launch arbitrary system paths via 'flutter-skill launch /path/to/your/app', which allows the agent to execute any file on the local system.
- INDIRECT PROMPT INJECTION (HIGH):
  - Ingestion points: Reads screenshots, UI element text, and application state from external running processes.
  - Boundary markers: None. The agent treats UI text as data to be acted upon without isolation.
  - Capability inventory: Full UI control including 'tap', 'enter_text', and 'screenshot' capabilities across 8 platforms.
  - Sanitization: None. An attacker-controlled app UI can provide instructions that the agent would follow with full system-level interaction capabilities.
- DATA EXFILTRATION (MEDIUM): The 'screenshot' and 'get_elements' tools give the agent visibility into all data displayed within the target application. This could include PII, financial data, or credentials, which are then processed by the LLM and potentially exfiltrated through subsequent agent actions.
- METADATA POISONING (MEDIUM): The author's use of 'ai-dashboad' instead of 'ai-dashboard' in the repository URL and package metadata is a deceptive pattern used to mask the lack of reputation or to mimic legitimate projects.
Recommendations
- AI detected serious security threats