NYC

displaying-html-in-flutter

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE

PROMPT_INJECTION

Full Analysis
  • Indirect Prompt Injection (LOW): The skill provides instructions for displaying HTML content from potentially untrusted external sources or strings.
  • Ingestion points: Data passed to the src parameter in the easy_web_view package or the loadUrl method in webview_flutter (referenced in SKILL.md).
  • Boundary markers: None present; the instructions do not include methods for delimiting untrusted data or warning the agent about embedded instructions.
  • Capability inventory: The skill enables the rendering of web content, which can include JavaScript execution and external network requests within the context of a WebView component.
  • Sanitization: No sanitization or content security policy (CSP) guidance is provided to mitigate the risk of malicious HTML or scripts being executed.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:19 PM