state-management-auditor

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill is a legitimate development tool that performs static analysis on local project files without any hidden malicious functionality or exfiltration attempts.
  • [COMMAND_EXECUTION]: The skill uses grep, find, wc, and xargs to identify architectural patterns. These commands are used according to best practices for local code analysis and are limited to the project scope.
  • [PROMPT_INJECTION]: The skill processes untrusted local source code, creating an indirect prompt injection surface. However, the impact is low as the agent only performs analysis and does not have write or network capabilities.
    • Ingestion points: pubspec.yaml and Dart files in the lib/ directory.
    • Boundary markers: Absent; the skill directly processes file content without specific delimiters.
    • Capability inventory: Read-only filesystem operations using standard command-line tools (grep, find, wc, xargs).
    • Sanitization: Absent; the skill relies on pattern matching against user-provided code.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 10:44 PM