profiling-performance

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's Quick Start and CLI examples show running Lighthouse against arbitrary URLs (e.g., the audit(url) function and "npx lighthouse https://example.com" in SKILL.md), which means it fetches and analyzes public web pages (untrusted third-party content) as part of its workflow and those page contents can influence profiling results and subsequent remediation decisions.