lighthouse

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's measurement flow (scripts/psi-measure.mjs and Phase 1/01-measure.md) calls the PageSpeed Insights (PSI) API / pagespeed.web.dev for deployed or operator-supplied public URLs and Phase 2/02-analyze.md explicitly requires reading the resulting reports/ JSON to identify failing audits and drive fix decisions, so untrusted third‑party page/report content is ingested and directly influences subsequent actions.