pub-package-explorer
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several local shell commands (jq, sed, printf, ls, rg, cat) to resolve package URIs to filesystem paths and inspect their contents. It also mentions running package manager commands like 'dart pub get' or 'flutter pub get' to resolve dependencies if the configuration is missing.- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection (Category 8) because it ingests and processes source code from external packages that could contain malicious instructions designed to influence the agent's behavior.
- Ingestion points: Reads .dart_tool/package_config.json and all source files within resolved package directories.
- Boundary markers: No explicit delimiters or instructions to ignore embedded prompts are used when the agent reads the package source code.
- Capability inventory: The skill can list directories, search code, read file contents, and trigger package downloads via the Dart/Flutter CLI.
- Sanitization: The shell command pattern uses 'jq --arg' to pass package names as variables, which correctly sanitizes input before it is processed by the JSON filter.
Audit Metadata