flutter-expert
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to ingest untrusted external data which can be used to hijack the agent's behavior.
- Ingestion points: The agent is instructed to query a context manager for Flutter project requirements, UI/UX goals, and target platforms (SKILL.md, lines 8 and 88-96).
- Boundary markers: There are no defined delimiters or instructions to ignore embedded commands within the ingested requirements.
- Capability inventory: The agent has access to powerful CLI tools via the MCP Tool Suite, including flutter, dart, git, firebase, and fastlane, which can execute code, modify files, and perform network operations.
- Sanitization: There is no evidence of sanitization or schema validation for the data ingested from the context manager.
- [Command Execution] (MEDIUM): The development workflow involves the systematic execution of CLI tools (flutter, git, fastlane) based on external requirements, creating a pathway for arbitrary command injection if requirements are maliciously crafted.
Recommendations
- AI detected serious security threats
Audit Metadata