webperf-resources

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to run Chrome DevTools evaluation scripts (e.g., Network-Bandwidth-Connection-Quality.js, Image-Element-Audit.js) against the inspected page and to read structured return values like items.url and details from the page's DOM/resources (arbitrary public web pages), and those return values are used by the decision tree to drive follow-up script runs and recommendations—meaning untrusted third‑party page content can materially influence the agent's actions.