webperf-core-web-vitals

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and decision tree explicitly instruct the agent to run in-page scripts (e.g., LCP.js, LCP-Image-Entropy.js, Image-Element-Audit) that read DOM, performance entries, resource URLs and even fetch resource headers from the target webpage—i.e., arbitrary third-party/public site content—and those script return values are used to decide follow-up actions, so untrusted page content can materially influence the agent's tool usage and decisions.