flutter-navigation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [CREDENTIALS_UNSAFE] (SAFE): No hardcoded credentials or sensitive tokens were detected. Placeholders like 'YOUR_SHA256_FINGERPRINT' and 'TEAMID' are used correctly for documentation purposes.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references standard Flutter dependencies (go_router, flutter_web_plugins) which are part of the trusted Flutter ecosystem. No untrusted external downloads were found.
- [REMOTE_CODE_EXECUTION] (SAFE): No remote code execution patterns or 'curl | bash' type commands were detected.
- [COMMAND_EXECUTION] (SAFE): The skill includes shell commands for testing deep links (adb, xcrun). These are standard developer utility commands used for local testing and do not pose a security risk in this context.
- [DATA_EXFILTRATION] (SAFE): No network operations or commands attempting to access sensitive local files (~/.ssh, ~/.aws, etc.) were found.
- [PROMPT_INJECTION] (SAFE): No instructions attempting to override agent behavior or bypass safety filters were detected in the skill content or metadata.
- [OBFUSCATION] (SAFE): All content is in plain text and standard code formats. No hidden characters, Base64-encoded commands, or homoglyphs were found.
- [INDIRECT_PROMPT_INJECTION] (LOW): While the skill explains how to ingest data from deep links (URL parameters), which is a common attack surface for applications, the skill itself is purely instructional and does not process untrusted runtime data itself.
Audit Metadata