webperf-media

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly instructs navigating to arbitrary target URLs via mcp__chrome-devtools__navigate_page and the provided snippets (e.g., scripts/Image-Element-Audit.js and scripts/SVG-Embedded-Bitmap-Analysis.js) fetch and parse image/SVG/resource data from those public pages, meaning untrusted third‑party web content is ingested and used to drive follow-up decisions.