migrate-to-addfox

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required migration instructions include adding content scripts and host permissions that run on arbitrary web pages (e.g., manifest.content_scripts: [{ matches: ['<all_urls>'] }] and app/content/index.ts examples that read document.title/location.href and inject UI), which clearly ingests untrusted public webpage content that can influence extension behavior.