syncfusion-flutter-pdf
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the 'syncfusion_flutter_pdf' package and standard Flutter utilities such as 'path_provider', 'open_file', and 'http' from the official pub.dev registry. It also fetches digital signature timestamps and image assets from Syncfusion's official domains (syncfusion.com).
- [COMMAND_EXECUTION]: In its 'Execution Mode' (Mode 2), the skill generates temporary Dart scripts within a designated scripts folder and executes them using the 'dart run' command. This is a primary feature designed to allow users to generate PDF documents without modifying their existing project code.
- [SAFE]: The skill includes functionality for processing external data, which is evaluated for indirect prompt injection risks. 1. Ingestion points: The skill reads external PDF documents and form data files (FDF, XFDF, JSON, XML) as shown in 'references/text-extraction.md' and 'references/forms.md'. 2. Boundary markers: No explicit delimiter or 'ignore' instructions are used when interpolating file data into prompts. 3. Capability inventory: The skill has the ability to write files to disk ('File.writeAsBytes'), execute shell commands ('dart run'), and perform network requests ('http.get'). 4. Sanitization: No specific content sanitization or validation logic was identified for the data extracted from PDF files or imported form data. These risks are inherent to the skill's purpose as a PDF processing tool and do not indicate malicious intent.
Audit Metadata