pub-package-explorer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly resolves and reads package source files from .dart_tool/package_config.json (rootUri/packageUri, typically the pub cache), which are third-party package sources from pub.dev that the agent will read and interpret as part of its workflow and could thus supply untrusted instructions influencing subsequent actions.