compose-performance-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required workflow explicitly asks the agent to ingest and analyze untrusted, user-provided artifacts — e.g., "Target Composable code", Layout Inspector screenshots, and Perfetto traces — which the agent will read and act on to make decisions, creating a pathway for indirect prompt injection via those third-party inputs.