web-perf

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and analyze arbitrary public pages (e.g., the required workflow calls navigate_page(url: "") and list_network_requests, and it also prefers retrieval from web.dev and developer.chrome.com), so the agent will ingest untrusted third‑party web content that can influence analysis and actions, enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill instructs adding and running the MCP server via the command "npx -y chrome-devtools-mcp@latest", which fetches and executes remote npm package code at runtime and is presented as a required dependency for traces, so it is a high-confidence runtime external code execution dependency.