label-capture-flutter
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, data exfiltration, or unauthorized command execution were detected. The skill's behavior is consistent with its stated purpose of assisting developers with SDK integration.
- [PROMPT_INJECTION]: The skill contains instructions to prioritize provided reference materials over training data ("Do Not Trust Internal Knowledge") and to fetch documentation directly rather than asking the user to search for it. These are benign UX and accuracy constraints designed to ensure the agent uses correct SDK versions, rather than attempts to bypass safety filters or conceal malicious intent.
- [EXTERNAL_DOWNLOADS]: All external links point to official Scandit documentation (
docs.scandit.com,ssl.scandit.com) or official GitHub repositories (github.com/Scandit). These are verified vendor resources consistent with the skill's authorship. - [DATA_EXFILTRATION]: While the skill assists with license key setup using placeholders (e.g.,
-- ENTER YOUR SCANDIT LICENSE KEY HERE --), it does not contain any code or instructions to exfiltrate these keys or other sensitive environment data. - [REMOTE_CODE_EXECUTION]: No remote code execution patterns were found. The skill correctly recommends standard Flutter package management via
pubspec.yamlusing official Scandit packages. - [COMMAND_EXECUTION]: The skill does not instruct the agent to execute shell commands. It provides code snippets for the user to implement in their own Flutter project context.
- [DATA_EXPOSURE]: The skill operates on standard application files like
pubspec.yamland.dartscreen files to perform its integration tasks. No access to sensitive system directories (like.sshor.aws) is requested or implied.
Audit Metadata