browser-extension-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly shows content scripts that run on web pages (e.g., manifest template with "matches": ["<all_urls>"] and content.js reading document.querySelector(...).textContent and responding to getData), which means the skill instructs consuming and acting on arbitrary public web page content that could contain untrusted/user-generated instructions.