web-perf-ux

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly runs Lighthouse and Playwright against a user-provided target URL (see scripts/lighthouse-runner.sh) and injects/reads runtime metrics from the visited pages via scripts/collect-vitals.js, meaning it fetches and ingests arbitrary public web pages (untrusted third-party content) as part of its analysis workflow.