web-perf

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 1.00). The prompt includes a "Memory Protocol (MANDATORY)" that tells the agent to read and write internal .claude/context/memory files — an operational instruction unrelated to performing a web performance audit and potentially used to access/exfiltrate agent memory, so it is a hidden/deceptive instruction outside the skill's stated purpose.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md Phase 1 "Lighthouse Audit" explicitly instructs running Lighthouse (e.g., "npx lighthouse https://example.com") against arbitrary websites, which requires fetching and analyzing public third-party web pages whose content the audit interprets and uses to drive recommendations.