flutter-init

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's code explicitly includes an ApiClient and app_constants baseUrl and uses public endpoints (see references/setup-guide.md / app_constants.dart and the UserRemoteDataSource which calls /users, with an example base URL https://jsonplaceholder.typicode.com), so it fetches and parses untrusted public API data that is displayed/used by the app.