flutter-skills
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill contains Python scripts (`generate_bloc.py`, `generate_test.py`) that perform local file system operations, such as creating directories and writing Dart boilerplate code. These actions are the primary intended purpose of the scaffolding tools and do not target sensitive system paths.
- [PRIVILEGE_ESCALATION] (SAFE): Diagnostic documentation (`build-errors.md`) references the use of `sudo gem install cocoapods`. While `sudo` is a high-privilege command, its use here is the standard, documented method for installing the CocoaPods dependency manager on macOS for Flutter development.
- [DATA_EXPOSURE] (SAFE): Technical guides (`dependency-injection.md`) contain code examples using placeholder URLs (e.g., `https://api.example.com`). No hardcoded secrets, API keys, or sensitive environment file paths were detected.
- [PROMPT_INJECTION] (SAFE): The agent instructions for the 'Code Reviewer' and 'TDD Coach' use standard role-playing directives to define expert personas. These instructions do not attempt to bypass core safety filters or extract system prompts.
- [INDIRECT_PROMPT_INJECTION] (LOW): As a code review and generation tool, the skill naturally ingests untrusted code. While this represents a theoretical injection surface, the skill implements basic input validation (e.g., alphanumeric checks for BLoC names) in its generation scripts and functions as a standard development assistant.
Audit Metadata