syncfusion-flutter-excel
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill operates solely as a code generator and includes explicit instructions preventing the agent from creating or executing standalone scripts.
- [COMMAND_EXECUTION]: The agent is instructed to read project files such as pubspec.yaml to identify the Flutter platform, which is a benign read operation used to provide contextually correct code.
- [EXTERNAL_DOWNLOADS]: The skill references standard Flutter packages (syncfusion_flutter_xlsio, syncfusion_officechart, open_file) and official Syncfusion documentation, all of which are trusted vendor resources.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it reads untrusted project files (pubspec.yaml, main.dart); however, this is mitigated by strict instruction boundaries that confine code generation to the provided local reference files. (Ingestion: workspace files; Boundary: strict reference-only generation; Capability: code generation; Sanitization: reference-based output filtering).
Audit Metadata