web-perf

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs loading and analyzing arbitrary target webpages (see Phase 1: Performance Trace
• navigate_page(url: "<target-url>"), performance_start_trace, list_network_requests, and take_snapshot) so it fetches and interprets untrusted public web content as part of its required workflow, which can influence analysis and recommendations.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires running "npx -y chrome-devtools-mcp@latest" (fetching and executing a remote npm package at runtime) as the configured chrome-devtools MCP command, so remote code is fetched/executed and is a required runtime dependency.