dart-pub-dev-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill queries pub.dev (a public, third‑party site) and returns package descriptions, download counts, topics, license and publisher info as part of its required workflow (see the Tool Description / Usage in SKILL.md), so untrusted/user-generated content from pub.dev would be read and could materially influence the agent's package-selection decisions.