flutter-ui-components
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest user-provided component specifications to generate executable Dart code, which is a surface for potential injection of malicious instructions.
- Ingestion points: Processes user prompts in SKILL.md for UI component creation and migration tasks.
- Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within user-provided strings.
- Capability inventory: The skill possesses the ability to write .dart files to the local design system directory and trigger development actions like hot reloading via MCP tool calls (mcp__dart__hot_reload).
- Sanitization: No sanitization or validation of user-provided content is performed before it is interpolated into the generated source code.
Audit Metadata