flutter-planning
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes user-provided design documents and requirements to generate implementation plans. It creates a surface for indirect prompt injection because it lacks explicit boundary markers or sanitization instructions for the untrusted input data.
  - Ingestion points: Processes external "design or requirements" provided by the user.
  - Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are defined for the input content.
  - Capability inventory: The skill generates executable shell commands ('flutter analyze', 'git commit') and writes implementation code to the filesystem.
  - Sanitization: There are no instructions to escape or validate the user-provided requirements before incorporating them into the generated plan.
- [COMMAND_EXECUTION]: The implementation plans generated by this skill include standard development shell commands such as 'flutter analyze', 'flutter test', and 'git commit'. While these are routine development tools, they represent an execution capability that could be leveraged if the input requirements contain malicious content.
Audit Metadata