lit-and-flutter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The WebComponent injects a (configured via WEBSITE_URL in main.dart) into an InAppWebView and thus fetches and executes arbitrary public web content (e.g., GitHub Pages), which is untrusted third‑party content the agent will load and interpret at runtime.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The WebComponent injects a runtime and main.dart defaults bundle to https://rodydavis.github.io/flutter_lit_example/assets/main.js, so the app will fetch and execute remote JavaScript from that URL at runtime as a required dependency.