skills/pluginagentmarketplace/custom-plugin-flutter/custom-plugin-flutter-skill-backend/Gen Agent Trust Hub
custom-plugin-flutter-skill-backend
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection through its ingestion of external data. \n
- Ingestion points: SKILL.md demonstrates fetching data from external REST APIs (via dio and http), GraphQL endpoints, and Firebase Firestore collections. \n
- Boundary markers: The provided code examples do not include delimiters or explicit instructions for the agent to ignore potentially malicious instructions within the fetched data. \n
- Capability inventory: The skill enables network operations (dio, http, graphql) and secure local storage operations. \n
- Sanitization: There is no evidence of data sanitization or structural validation for the responses received from external services before they are processed by the application logic.
Audit Metadata