publish-flutter-package
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or data exfiltration attempts were detected across the skill files.
- [COMMAND_EXECUTION]: The skill executes standard
gitanddartcommands via local Python scripts. These commands are necessary for analyzing version history and validating package integrity before publication. - [EXTERNAL_DOWNLOADS]: The skill references a reusable GitHub Action from the official
dart-langorganization. This is a well-known, trusted source for Dart and Flutter development tools. - [PROMPT_INJECTION]: The skill processes git commit messages to generate changelog drafts, which constitutes an indirect prompt injection surface. However, the workflow requires the user to review and confirm the suggested content and versioning before proceeding, effectively mitigating the risk of automated exploitation.
Audit Metadata