frontend-performance-reviewer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill directs Playwright to navigate to user-provided or staging URLs (e.g., mcp__playwright__browser_navigate with localhost/staging URLs) and then reads page content, network requests, and image/src data (mcp__playwright__browser_network_requests and browser_evaluate scripts), which clearly ingests untrusted third‑party web content.