oma-mobile
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed for mobile application development using Flutter and React Native. A thorough review of the instructions, code snippets, and execution protocols found no evidence of malicious intent or security vulnerabilities.
- [PROMPT_INJECTION]: No prompt injection or safety bypass patterns were detected. Instructional phrases such as "Do NOT stop or ask for help until you have exhausted the playbook" are standard behavioral guidance for autonomous agents and do not attempt to override core safety filters.
- [DATA_EXFILTRATION]: No evidence of data exfiltration or unauthorized network operations was found. The provided code snippets demonstrate standard, secure authentication practices using JWT tokens and secure storage (e.g.,
flutter_secure_storage). - [REMOTE_CODE_EXECUTION]: The skill does not perform any remote code downloads or execution. All referenced packages (Riverpod, Dio, Drift, etc.) are well-known, standard libraries within the mobile development ecosystem.
- [INDIRECT_PROMPT_INJECTION]: While the skill processes user-provided task requirements (Category 8 surface), it is used within the context of generating source code for mobile apps. The risk is minimized by the instructional framework that requires the agent to follow a specific execution protocol and verification checklist.
Audit Metadata