lazycat-dynamic-deploy
Warn
Audited by Snyk on Mar 6, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's injects feature (see SKILL.md "application.injects" and references/injects.md under "脚本来源" ["Script sources"]) explicitly allows scripts[].src to be an http(s):// URL and describes loading/executing remote scripts into third-party HTML pages, meaning untrusted web-hosted content can be fetched and can influence runtime behavior.
Audit Metadata