kernel-extensions

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill includes a download-web-store command that fetches and unpacks extensions directly from the public Chrome Web Store (user-contributed, third-party content) which the agent ingests and may load into browser sessions, exposing it to untrusted content that could enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes runtime commands that fetch and install Chrome Web Store extensions (e.g. "https://chromewebstore.google.com/detail/adguard-adblocker/bgnkhhnnamicmpeenaelnjfhikgbkllg"), which would download and execute remote extension code in the browser, so the fetched content can run code and affect agent behavior.