flutter-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required Workflow references deeplink.md and firebase-fcm.md (see SKILL.md workflow steps 6 and 9) which instruct runtime parsing of arbitrary external URIs (state.uri) and FCM/data payloads (message.data) and then performing navigation, state changes, and API calls, so untrusted third‑party content can directly influence app behavior.