webperf-interaction

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's runtime scripts (e.g., Long-Animation-Frames-Script-Attribution.js, Long-Animation-Frames.js, LongTask.js and the referenced First-And-Third-Party-Script-Info.js) read performance entries and script sourceURLs from the inspected web page and explicitly categorize/attribute third‑party scripts (seen in SKILL.md decision trees and script code), so the agent ingests untrusted, user/third‑party page content and uses it to drive follow-up tooling and recommendations.