tampermonkey
Warn
Audited by Snyk on Feb 17, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's examples instruct users to fetch and ingest arbitrary public web content (GM_xmlhttpRequest with @connect, external URLs in @require and @resource, website scraping via DOM access, and unsafeWindow), so an agent following it would read and interpret untrusted third-party pages and APIs as part of its workflow.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's examples use @require to load external JavaScript at runtime, e.g. https://code.jquery.com/jquery-3.6.0.min.js (and similarly https://cdn.jsdelivr.net/npm/lodash@4.17.21/lodash.min.js); these files are fetched when the script runs and execute with full access to the userscript context, so whoever controls the URL or the serving CDN can run arbitrary remote code there.