sparkscan-flutter
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No malicious prompt injection patterns were detected. The instructions include quality-control constraints (e.g., 'Do not tell the user to check the docs themselves') and guidance on using training data versus provided context, which are standard prompt engineering techniques for technical assistants and do not attempt to bypass safety filters or conceal malicious intent.
- [DATA_EXFILTRATION]: No evidence of unauthorized data access or exfiltration. Code templates use safe placeholders for sensitive information like license keys (e.g., '-- ENTER YOUR SCANDIT LICENSE KEY HERE --').
- [EXTERNAL_DOWNLOADS]: All external links and dependencies are directed to official and trusted vendor resources, including 'docs.scandit.com' and the 'Scandit' organization on GitHub. These references are used for documentation and sample code retrieval as part of the skill's primary function.
- [REMOTE_CODE_EXECUTION]: No patterns for remote code execution were found. The skill suggests standard package management workflows (e.g., 'flutter pub get') for official Scandit plugins.
- [COMMAND_EXECUTION]: The skill uses standard Flutter CLI commands for package management and environment setup, which are appropriate for its stated purpose as a developer tool.
- [SAFE]: The skill's behavior is consistent with its stated purpose of assisting with the Scandit SparkScan SDK. No suspicious metadata, persistence mechanisms, or privilege escalation attempts were identified.
Audit Metadata