flutter-design-system
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The file
references/dls-modular-pattern.mdcontains an absolute local file system path:/Users/nguyenhuyhoang/FlutterProject/C3/flutter-temp/packages/v_dls. This reveals internal directory structures and the system username of the author. - [PROMPT_INJECTION]: The
SKILL.mdfile uses high-urgency directives such asPriority: P0 (CRITICAL)andZero toleranceto override default agent behavior and enforce specific coding patterns over standard practices. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of untrusted user data.
- Ingestion points: The agent analyzes and refactors user-provided Flutter code (UI widgets and theme configurations).
- Boundary markers: There are no explicit markers or instructions defined to prevent the agent from following malicious instructions embedded within the user's Flutter code comments or string literals.
- Capability inventory: The skill has the capability to generate and modify application code, which could be exploited to inject logic if the agent is manipulated by input data.
- Sanitization: There is no evidence of sanitization or validation of the user-provided code before the agent applies the design system rules.
Audit Metadata