design-polish
Fail
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill identifies and instructs the agent to read from sensitive file paths such as
.envandlib/config/to obtain login credentials, leading to potential data exposure. - [COMMAND_EXECUTION]: It uses a local script
scripts/emu.shto execute multiple shell commands for emulator management, including booting the device, running builds, and capturing UI state. - [PROMPT_INJECTION]: The workflow creates a surface for indirect prompt injection by ingesting untrusted application source code and UI structure data. Ingestion points: Reads Dart source files in
lib/and UI dumps from the emulator. Boundary markers: Does not implement delimiters to isolate application data from agent instructions. Capability inventory: The agent can execute shell commands and modify existing project files. Sanitization: There is no evidence of sanitization or validation of the data being processed.
Recommendations
- AI detected serious security threats
Audit Metadata