flutter-scalable-app
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface through its core workflow of translating external design data from Stitch or Figma into Flutter widgets and logic. A malicious design file could include metadata or descriptions crafted to manipulate the code generation process.
  - Ingestion points: Processes external design tokens, component hierarchies, and screen descriptions referenced in 'references/stitch-to-flutter.md' and user-provided design descriptions.
  - Boundary markers: No specific delimiters or safety instructions are present to prevent the agent from interpreting instructions embedded within the design data as commands.
  - Capability inventory: The skill is capable of generating code that performs network communication (via Dio and Firebase), authentication (via Firebase Auth), and sensitive configuration management (via flutter_dotenv).
  - Sanitization: The reference materials do not specify validation or sanitization protocols for external design input before it is used to generate application code.
Audit Metadata