developing-genkit-dart

The skill aims to provide a Dart Genkit SDK experience with CLI tooling and plugin-based extensibility. Its footprint is largely coherent with the stated purpose, but it includes an unverifiable download-and-execute install pattern (curl|bash) from an external domain, which elevates supply-chain risk and security concerns. While the use of official registries for some installs mitigates risk, the curl|bash vector necessitates treating the skill as suspicious-to-high risk until verified or replaced with verified, signed installation mechanisms. No credential harvesting or exfiltration behaviors are evident from the description, but the mix of unverified binary installation and multiple external plugin endpoints warrants caution and potential remediation (e.g., pinning versions, using signed install scripts, or providing a verified binary release).