Skills
skills/yakoub-ai/flutterforge/flutter-release-readiness/Gen Agent Trust Hub

flutter-release-readiness

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple development commands including flutter, dart, pod, and bash. It specifically references a local script scripts/collect_flutter_logs.sh to identify potential secrets and runs build commands like flutter build appbundle. These operations are consistent with the skill's purpose but involve direct shell interaction.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection due to its processing of untrusted project data.
  • Ingestion points: Reads and parses pubspec.yaml, CHANGELOG.md, AndroidManifest.xml, Info.plist, and ios/Runner.xcodeproj to verify release metadata.
  • Boundary markers: Absent. The skill does not employ specific delimiters to isolate file content from the agent's instructions.
  • Capability inventory: Significant local capabilities including shell command execution (flutter, dart, pod, bash) and filesystem writes (.github/workflows/).
  • Sanitization: Absent. Content from the project files is used in logic and output without explicit validation or escaping.
  • [EXTERNAL_DOWNLOADS]: The skill executes pod install --repo-update, which fetches official CocoaPods dependency specifications from standard repositories. This is a routine and expected part of the iOS build process.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 08:32 AM
Security Audit — agent-trust-hub — flutter-release-readiness