performance-profile

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's generated Node.js profiling script (profile-node.sh) and the browser profiling instructions in SKILL.md ask for and run tools against arbitrary URLs (e.g., the http_load_test autocannon prompt and lighthouse commands like "lighthouse http://localhost:3000 --view"), meaning the agent can fetch and analyze untrusted public web pages provided at runtime and act on their results.