gtm-performance-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill requires a target URL and explicitly uses Chrome DevTools MCP calls (mcp__chrome-devtools__navigate_page, evaluate_script, list_network_requests, performance traces) to fetch and analyze live pages and their third‑party tags/resources (e.g., GTM, custom HTML, vendor scripts), so it ingests untrusted public web content that can materially influence audit decisions.