The Agent Skills Directory

[SAFE]: The skill is designed for reconnaissance and auditing of Flutter applications. It strictly adheres to a read-only policy for existing files and only performs local file system operations to generate reports upon user request.
[PROMPT_INJECTION]: No direct prompt injection or bypass attempts were detected. The skill instructions focus on structured analysis and reporting without trying to override safety guidelines.
[DATA_EXPOSURE]: The skill intentionally searches for and flags hardcoded credentials, API keys, and sensitive platform-specific permissions in files like AndroidManifest.xml and Info.plist. This data is reported back to the user as part of the audit process and is not exfiltrated.
[REMOTE_CODE_EXECUTION]: There are no patterns involving the download or execution of remote scripts or unverified third-party packages.
[COMMAND_EXECUTION]: The skill does not use shell execution or subprocesses to interact with the system; it relies on reading local text files and directory structures.
[SAFE]: Although the skill processes untrusted project files (Indirect Prompt Injection surface), it lacks the dangerous capabilities (network, shell execution, privilege escalation) necessary to facilitate an exploit. The mandatory evidence chain for the ingestion of untrusted data includes ingestion points in pubspec.yaml and lib/ files, with capabilities limited to reading and writing a local summary report.

flutter-app-discovery