browser-extension-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly shows a manifest with content_scripts matching "<all_urls>" and content script examples that read DOM text (document.querySelector(...)) and act on page content/inject UI, meaning the agent would ingest and act on arbitrary public web pages' (untrusted) content.