wxt-browser-extensions

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's content includes multiple content-script examples (e.g., references/inject-choose-correct-world.md, inject-use-main-function.md, and other inject-* rules) that run on arbitrary sites (many examples use matches: [':///*']) and explicitly read page DOM and window variables, so it clearly describes ingesting untrusted, public web content as part of the extension workflow.