lighthouse-ci-integrator
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Findings flagged: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions to execute shell commands for installing the Lighthouse CLI, running the setup wizard, and managing local Docker containers for report storage.
- [EXTERNAL_DOWNLOADS]: The configuration templates reference the @lhci/cli package from NPM and various official GitHub Actions (e.g., actions/checkout, actions/setup-node) and third-party actions for CI/CD integration.
- [CREDENTIALS_UNSAFE]: The Docker Compose template for an optional server setup uses default credentials ('postgres') for a local database instance. These are standard documentation defaults and are not active secrets.
- [DATA_EXFILTRATION]: The skill configures 'temporary-public-storage' which uploads generated audit reports to a public Google Cloud bucket for temporary hosting. This is a built-in feature of Lighthouse CI used for sharing reports in pull requests.
- [PROMPT_INJECTION]: The GitHub Action example interpolates a deployment URL into a bash command (lhci autorun --url=${{ steps.wait-for-vercel.outputs.url }}). Ingestion points: .github/workflows/lighthouse-ci.yml (workflow output). Boundary markers: Absent. Capability inventory: Bash (allowed-tools). Sanitization: Absent. This represents an indirect prompt injection surface if the source of the URL is compromised.
Audit Metadata