Skills
skills/morning-start/coze-skills/wxt-skills/Snyk

wxt-skills

Warn

Audited by Snyk on Feb 20, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). This skill's documentation and examples (e.g., api/utilities.md showing injectExternalScript('https://example.com/script.js') and api/entrypoints.md / examples/content.ts configuring content_scripts with matches: ['<all_urls>']) demonstrate runtime loading and reading of arbitrary public web pages and external scripts, which are untrusted and can directly influence extension behavior.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 20, 2026, 01:24 AM