Skills
skills/pluginagentmarketplace/custom-plugin-flutter/custom-plugin-flutter-skill-database/Snyk

custom-plugin-flutter-skill-database

Warn

Audited by Snyk on Mar 19, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The SKILL.md shows runtime ingestion of remote, potentially user-generated data—e.g., SyncEngine calling remote.getUpdates() and FirestoreRepository reading collection snapshots/doc.data()—so third-party content from cloud databases (Firestore/remote API) is fetched and used to drive merge/sync logic.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 19, 2026, 08:49 AM
Issues
1