lazycat-dynamic-deploy
Audited by Socket on Mar 6, 2026
1 alert found:
Obfuscated File

The feature set is coherent for dynamic deployment and automating UI interactions, but it carries significant security risk when used without strict safeguards.

Primary threats: credential exposure via manifest/env and injected scripts, client-side data exfiltration by injected code, and supply-chain weakening via file:/// packaged scripts.

Recommendations: restrict what secrets can be exposed to injected scripts, implement mandatory review/signing of any injected script (builtin or packaged), add runtime controls (CSP, network egress policies) to block arbitrary external requests from injected scripts, document secure use of stable_secret (entropy, rotation, non-reuse), and enforce least-privilege/approval workflows for any injects configuration. Treat application.injects as a high-risk capability requiring governance before enabling in production.