flutter-duit-bdui

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md and references/public_api.md explicitly describe XDriver remote/HTTP and WebSocket transports that fetch and ingest JSON layouts from remote servers (e.g., "Server sends JSON layouts → Duit renders them" and the Transport Configuration examples), meaning untrusted third-party content can directly control UI and server actions and thus influence agent behavior.