flutter-setup-declarative-routing
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands such as 'flutter create', 'flutter pub add', and 'adb shell' to automate project setup and test deep linking. These are standard tools for the described purpose.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface. Ingestion points: placeholders for and yourdomain.com in SKILL.md. Boundary markers: none present to delimit untrusted user input. Capability inventory: shell command execution as defined in the setup workflows. Sanitization: the instructions do not include validation or escaping for user-supplied strings before they are used in command-line arguments.
- [EXTERNAL_DOWNLOADS]: The skill fetches the 'go_router' package from the official and trusted Dart package registry (pub.dev) using the standard 'flutter pub add' command.
Audit Metadata