lolipop-deploy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly instructs the agent to fetch and follow live instructions from public webpages (https://lolipop.jp/ai/skills/skill.md and https://lolipop.jp/ai/skills/), so the agent will ingest third-party web content at runtime and use it to drive actions and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly performs WebFetch at runtime to https://lolipop.jp/ai/skills/skill.md (and https://lolipop.jp/ai/skills/) requesting "return the entire content" and then follows those fetched instructions to guide the agent, so these URLs directly control agent prompts and are required dependencies.