flutter-expert
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The skill contains no instructions to ignore system prompts, bypass safety filters, or extract system instructions. Instructional language like 'IMPORTANT' or 'CRITICAL' is absent.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, API keys, or sensitive file paths (e.g., ~/.aws/credentials) were found. The skill does not perform unauthorized network operations.
- [Obfuscation] (SAFE): No Base64, zero-width characters, homoglyphs, or encoded commands were detected in the markdown or metadata.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): While the skill mentions various Flutter libraries (Riverpod, Bloc, etc.), it does not include commands to download or execute remote scripts (e.g., curl|bash). All mentions are within the context of developer guidance.
- [Privilege Escalation & Persistence] (SAFE): No commands involving sudo, chmod, or modifications to system startup scripts/services were identified.
- [Indirect Prompt Injection] (SAFE): The skill primarily serves as a persona. Although it suggests opening a local resource file ('resources/implementation-playbook.md'), it does not ingest untrusted external data in a way that would trigger unsafe capabilities like command execution or data exfiltration.
Audit Metadata