flutter-best-practices

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions direct the agent to use the Bash tool to run shell commands for counting and listing project files. Specifically, it uses find combined with wc -l to identify Dart source files and test files within the project directory for the purposes of setting the audit scope.
  • [PROMPT_INJECTION]: The skill operates by ingesting and analyzing untrusted content from the user's project files, specifically all files matching **/*.dart and **/*_test.dart. It lacks explicit instructions to use boundary markers or to treat the file content strictly as data, creating a surface for indirect prompt injection where adversarial instructions hidden in code comments could influence agent behavior.
    ◦ Ingestion points: Project source code and test files discovered via glob_file_search and shell commands.
    ◦ Boundary markers: None present in the provided instructions.
    ◦ Capability inventory: Access to Bash, Write, Edit, and WebFetch tools.
    ◦ Sanitization: No validation or sanitization of the ingested code content is performed before processing.
  • [EXTERNAL_DOWNLOADS]: The skill references architectural and testing standards hosted in the vendor's repository on GitHub (somnio-software/somnio-ai-tools). This is an external reference to documentation used to inform the audit process.
Audit Metadata
Risk Level: SAFE
Analyzed: May 14, 2026, 04:54 AM