second-opinion

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The extension's content-page.js and background.js actively send user prompts to and read responses from the public site grok.com (SKILL.md requires grok.com open and the extension's scripts submit to the TipTap editor and scrape the resulting response), so untrusted third-party content from grok.com can be ingested and influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). This skill requires an active grok.com session and the Chrome extension injects messages into the grok.com page and reads back Grok's responses at runtime (https://grok.com/*), so external content from that URL directly controls the agent's outputs.