flutter-executing
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
- [COMMAND_EXECUTION]: The skill uses standard CLI tools for Flutter development, including 'flutter pub get' for package management, 'flutter analyze' for linting, 'flutter test' for unit testing, and 'flutter build' for compilation. It also utilizes 'git' for version control. These commands are typical for the skill's intended purpose.
- [PROMPT_INJECTION]: The skill processes external implementation plans, which introduces a surface for indirect prompt injection.
  1. Ingestion points: Implementation plans read from 'docs/plans/'.
  2. Boundary markers: The skill does not use specific technical delimiters to isolate plan data from the agent's internal instructions.
  3. Capability inventory: The skill has the capability to modify the file system, install dependencies, and execute shell commands.
  4. Sanitization: No automated sanitization is present; instead, the skill includes a 'Review critically' step that mandates a human-in-the-loop check to identify potential issues or malicious instructions in the plan before proceeding.