dart-drift
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
Full Analysis
- [Prompt Injection] (SAFE): No instructions targeting agent behavior override or safety bypass were identified. The content is strictly technical and educational.
- [Data Exposure & Exfiltration] (SAFE): Connection examples use standard documentation placeholders (e.g., 'localhost', 'user', 'password'). No unauthorized network calls or sensitive file path access (like SSH keys or environment secrets) were found.
- [Obfuscation] (SAFE): All files consist of clear-text markdown and Dart code. No Base64, zero-width characters, or homoglyphs were detected.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): Dependencies mentioned (drift, sqlite3, postgres, drift_postgres) are well-known, legitimate packages from the official Dart pub.dev registry. No remote script execution (e.g., curl|bash) is present.
- [Indirect Prompt Injection] (SAFE): The skill provides patterns for generating database queries but correctly emphasizes the use of prepared statements (automatic in drift) and transactions, which are standard security practices. No surfaces targeting the analyzer's reasoning were found.
- [Command Execution] (SAFE): The shell commands included (build_runner, drift_dev) are standard development lifecycle tools for Dart and do not represent malicious execution vectors.
Audit Metadata