ask-flutter-architect
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill instructs the agent to execute local shell commands for Flutter development (e.g.,
fvm flutter pub run build_runner build,fvm flutter analyze, and shell scripts like./ship-android.sh). These are standard developer operations and do not target sensitive system files or remote malicious endpoints. - [REMOTE_CODE_EXECUTION] (SAFE): No patterns of remote script execution (e.g., curl-to-bash) or untrusted package installations were found. Dependencies mentioned are standard Flutter/Dart ecosystem tools.
- [DATA_EXFILTRATION] (SAFE): No evidence of credential harvesting, access to sensitive directories (like ~/.ssh or ~/.aws), or unauthorized network requests to external domains.
- [PROMPT_INJECTION] (SAFE): The use of 'CRITICAL' and 'IMPORTANT' tags in the documentation is used for architectural enforcement rather than attempting to bypass AI safety filters or override system instructions.
- [INDIRECT_PROMPT_INJECTION] (LOW): As a coding assistant, the skill ingests user-provided Flutter code and project configurations. While this presents an attack surface for indirect injection if a user provides malicious source code, the skill itself does not contain logic to exploit this surface.
Audit Metadata