web-performance

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill includes runtime code that fetches arbitrary public webpages—e.g., scripts/performance-auditor.py (measure_page_load) uses curl on a provided URL and the README shows running Lighthouse against URLs—so untrusted third-party page content can be ingested and directly influence analysis and recommendations.