flutter-skill-testing

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt explicitly shows and instructs the agent to input plaintext credentials (e.g., "password123" via enter_text calls), which requires the LLM to handle and emit secret values verbatim and thus poses an exfiltration risk.

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). Although these links point to official platforms (npm and GitHub), the GitHub username "ai-dashboad" (likely a typo/typosquat), the unvetted repository and its docs, and the direct asset link (which could be a binary) raise concern: npm packages can include malicious install scripts, and GitHub releases/assets can host executables. Treat them as moderately to highly suspicious until verified.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to capture and read app UI via screenshot(), get_elements(), and related actions against arbitrary running apps. The agent will therefore ingest whatever third-party or web content the app displays at runtime (e.g., public websites, social feeds, or user-generated content).

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 03:02 AM