lazycat-developer-expert

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required workflow instructs the agent to read its reference docs (e.g., references/manifest-spec.md and references/dynamic-deploy.md) which explicitly support and document injecting scripts from external http(s) URLs (InjectScriptConfig.src supports http(s)://...), meaning the agent will create/handle configurations that cause the platform to fetch and execute untrusted third‑party scripts that can materially change runtime behavior.