chrome-extension-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's references (e.g., references/patterns.md and references/manifest-v3.md) show content scripts with host_permissions/matches like "<all_urls>" and an explicit "ref番号" / LLM action flow that reads page DOM and executes clicks, so the agent would ingest and act on arbitrary third-party web page content (untrusted) at runtime.