tampermonkey

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and its reference files (notably references/http-requests.md and the header/resource examples) explicitly require and demonstrate using GM_xmlhttpRequest, @require/@resource, GM_getResourceText, GM_addElement and @connect (including wildcards) to fetch and inject content from arbitrary external websites, so the agent would be ingesting and acting on untrusted public third‑party web content that can materially change script behavior.