lighthouse-ci-integrator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required CI workflow runs Lighthouse against arbitrary/public URLs (see lighthouserc.js collect.url and the GitHub Actions steps that run "lhci autorun --url=${{ steps.wait-for-vercel.outputs.url }}" and the PR comment integration), meaning the agent will load and interpret untrusted web pages and use those results to drive CI decisions and PR comments/alerts.