flutter-best-practices
Warn
Audited by Snyk on Mar 25, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly requires fetching and using live standards from public GitHub raw URLs (e.g., the STANDARDS SOURCE entries in references/architecture-compliance.md, references/code-standards.md, and references/testing-quality.md pointing to https://raw.githubusercontent.com/...), and those fetched documents are mandated to be read and used to drive analysis and reporting, so untrusted third-party content can influence agent decisions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly requires fetching live standards at runtime from raw GitHub URLs (e.g., https://raw.githubusercontent.com/somnio-software/cursor-rules/main/.cursor/rules/flutter/flutter-architecture.mdc and https://raw.githubusercontent.com/somnio-software/cursor-rules/main/.cursor/rules/flutter/flutter-testing.mdc), and those fetched documents directly control the agent's validation instructions and are mandatory for operation.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).