feature-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface during the requirement analysis phase.
- Ingestion points: Processes untrusted user input in the form of text descriptions, UI screenshots, and design files (SKILL.md, Phase 0).
- Boundary markers: No explicit delimiters or instructions to ignore embedded malicious prompts within user requirements are provided.
- Capability inventory: Generates complex Flutter/Dart source code and triggers CLI commands such as `flutter analyze` and `flutter test` (SKILL.md, Phase 5).
- Sanitization: There are no documented steps for sanitizing or validating the extracted entities and API structures before code generation.
- [COMMAND_EXECUTION]: The workflow incorporates standard Flutter development commands for quality assurance.
- Evidence: Phase 5 specifies the use of `flutter analyze`, `dart format`, `flutter test`, and `flutter gen-l10n`. These are legitimate developer tools used within their intended context.