dart-setup-ffi-assets

Warn

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The documentation instructs users to execute sudo apt install build-essential on Linux systems, which requires administrative privileges to install the system-level C/C++ compiler toolchain.
  • [EXTERNAL_DOWNLOADS]: The skill provides an implementation pattern (Method 2) for downloading precompiled native library binaries (Dynamic Libraries) from a remote GitHub repository using HttpClient at build time.
  • [REMOTE_CODE_EXECUTION]: Binaries fetched from external sources are registered as CodeAsset objects, which the Dart runtime then bundles and dynamically loads. Although the provided code includes MD5 integrity checks against a hardcoded lookup table, this pattern fundamentally facilitates the execution of remote native code.
  • [EXTERNAL_DOWNLOADS]: The skill guides the agent to add several Dart packages from the public pub.dev registry, including code_assets, hooks, native_toolchain_c, record_use, and ffigen.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 12, 2026, 08:11 PM