Skills
skills/justinmc/flutter-skills/flutter-triage/Gen Agent Trust Hub

flutter-triage

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses curl to fetch data from the GitHub API. While it targets a well-known service (GitHub), the use of system commands for network operations is a capability that should be noted.
  • [INDIRECT_PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data (GitHub issue bodies and comments) and uses the LLM to generate summaries and action items.
  • Ingestion points: scripts/parse_api_response.py fetches issue bodies and comments from the GitHub API.
  • Boundary markers: None identified in the prompt templates; the LLM is simply instructed to read the context field and generate summaries.
  • Capability inventory: The skill uses curl for network requests and executes Python scripts (scripts/combine_json.py, scripts/parse_api_response.py, scripts/parse_triage_readme.py) via subprocesses.
  • Sanitization: There is no evidence of sanitization or filtering of the content retrieved from GitHub before it is passed to the LLM for summarization.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 07:42 AM