flutter-clean-arch
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill follows mobile security best practices by utilizing flutter_secure_storage for sensitive data and enforcing HTTPS through Android network security configurations and iOS App Transport Security settings.
- [EXTERNAL_DOWNLOADS]: Dependencies listed in the pubspec template are standard community packages from pub.dev, such as dio, go_router, and flutter_bloc. The logging utility nconsole is a vendor-owned resource used for debugging as described.
- [PROMPT_INJECTION]: An indirect prompt injection surface (Category 8) is present as the skill processes untrusted data from deep links (lib/route/app_route.dart) and API responses (lib/data/data_sources/remote/). However, this is mitigated by the inclusion of an input validation and sanitization guide in the security checklist, and the skill utilizes network and storage capabilities appropriately.
- [DATA_EXFILTRATION]: Networking templates utilize secure interceptor patterns for authentication and token management, with no evidence of credential harvesting or unauthorized data transmission to third-party domains.
Audit Metadata