skills/coderfee/ai/flutter-build/Gen Agent Trust Hub

flutter-build

Warn

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/build.sh performs unsafe evaluation of configuration values. Specifically, the line EXPORT_PATH_EXPANDED=$(eval echo $EXPORT_PATH) executes the content of the $EXPORT_PATH variable. Since this variable is populated from the .flutterbuild.yml file using yq, a malicious repository could include shell commands (e.g., $(rm -rf /)) in the configuration file to achieve arbitrary code execution on the user's machine.
  • [PROMPT_INJECTION]: The skill instructions in SKILL.md contain a 'Constraint Rule' (约束规则) for 'Silent execution' (静默执行), which states: 'After the user issues a packaging command, execute directly without confirmation' (用户发出打包指令后无需确认,直接执行). This instruction attempts to override the agent's safety protocols that normally require human-in-the-loop confirmation for sensitive system operations like shell execution and file modification.
  • [COMMAND_EXECUTION]: The script uses sed -i to perform string replacement in pubspec.yaml using the $CURRENT_VERSION variable extracted from the same file. If the pubspec.yaml file contains malicious shell metacharacters in its version field, it could lead to unexpected behavior during the execution of the sed command.
  • [INDIRECT_PROMPT_INJECTION]: The skill is vulnerable to indirect injection from untrusted project files.
      • Ingestion points: .flutterbuild.yml and pubspec.yaml are read to configure build behavior.
      • Boundary markers: None. The data is treated as trusted configuration.
      • Capability inventory: The skill has broad capabilities including file system modification (sed, mkdir, cp), package management (flutter pub get), and hardware interaction (adb install).
      • Sanitization: There is no validation or escaping of the values read from configuration files before they are used in shell commands or the eval function.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 1, 2026, 06:00 PM