flutter-best-practices
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute `find` and `wc` commands for counting Dart files and test files in the project. This is used solely for project scope discovery and progress reporting.
- [DATA_EXPOSURE]: The skill is designed to read and analyze Dart source code files (`**/*.dart`) and test files (`**/*_test.dart`) within the user's project directory. This behavior is necessary for its primary function as a code auditor.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted input in the form of third-party Dart source code.
  - Ingestion points: Reads all project Dart files using `glob_file_search` and the `Read` tool in `references/architecture-compliance.md`, `references/code-standards.md`, and `references/testing-quality.md`.
  - Boundary markers: Absent. The instructions do not specify using delimiters or explicit 'ignore embedded instructions' warnings when analyzing file content.
  - Capability inventory: The skill has access to `Bash`, `Write`, `Edit`, and `WebFetch` tools as defined in `SKILL.md`.
  - Sanitization: Absent. There is no evidence of sanitization or filtering of the code content before it is processed by the agent.
- [EXTERNAL_DOWNLOADS]: While the skill description mentions validating against 'live GitHub standards', the specific instructions in the reference files direct the agent to read standards from a local directory (`agent-rules/rules/flutter/`) within the `somnio-ai-tools` repository. The GitHub link provided in the metadata is informational.
Audit Metadata