entrig-flutter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to read third-party package README files from the local pub-cache (paths under ~/.pub-cache/hosted/pub.dev) and to call the external Entrig MCP server (https://mcp.entrig.com/beta) whose get_context response includes "reasoning instructions" that the agent must follow — both are external, untrusted/third-party content that the agent is expected to interpret and that can materially change its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent to connect to and use the Entrig MCP server at https://mcp.entrig.com/beta at runtime (via MCP tools like get_context, create_notification, etc.), which returns schema/reasoning instructions that directly drive agent prompts/actions and is required for MCP-enabled flows.