web-performance

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly asks for and audits arbitrary public URLs (see "Usage Patterns" and "Common Commands/API" showing passing --url or POSTing {"url":"https://example.com"} to run Lighthouse audits), meaning it fetches and interprets untrusted third-party web content whose results can drive follow-up optimization actions.