wp-performance

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly instructs making HTTP/REST requests to target URLs (SKILL.md: curl/--url, Query Monitor headless guidance in references/query-monitor-headless.md, and scripts/perf_inspect.mjs accepts --url) and to inspect/interpret response headers and qm envelope data (untrusted public/site-provided content) which the agent uses to choose profiling steps and fixes, so third-party content can materially influence actions.