web-performance

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes code that fetches and measures arbitrary public websites (e.g., scripts/performance-auditor.py -> measure_page_load uses curl on a provided URL and the README suggests running Lighthouse against arbitrary URLs), which would ingest untrusted, user-supplied web content for analysis.