pub-package-explorer

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches package source code from the official pub.dev registry using the dart pub unpack command. This is a standard development operation for exploring package implementations from a well-known, trusted repository.
  • [COMMAND_EXECUTION]: Employs common CLI utilities like jq, sed, find, ls, and rg to resolve local file paths from .dart_tool/package_config.json and search through source code directories.
  • [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by reading and displaying source code from external packages.
      • Ingestion points: Source code is read from local filesystem paths and directories created by dart pub unpack as defined in SKILL.md.
      • Boundary markers: No specific boundary markers or instructions to ignore embedded instructions are provided when the agent reads external code.
      • Capability inventory: The agent uses ls, rg, and cat to navigate and read file contents.
      • Sanitization: No sanitization or validation is applied to the package content before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 2, 2026, 04:04 AM