webperf-loading

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md) instructs the agent to navigate to arbitrary target URLs and run Chrome DevTools snippets that read and interpret the page DOM/performance data and even fetch external resources (e.g., scripts/CSS-Media-Queries-Analysis.js performs fetch(f.href)), so untrusted public page content can directly influence follow-up checks and actions.