flutter-pub

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly fetches and parses package data from the public pub.dev APIs (e.g., https://pub.dev/api/search, https://pub.dev/api/packages/{package_name}, https://pub.dev/api/packages/{package_name}/score) — sources that contain user-published package metadata/readmes and the skill uses that content to summarize, recommend, and drive installation guidance, so untrusted third-party content could influence agent decisions.