extension-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs fetching external framework/docs via "docs-seeker" or web search in SKILL.md Step 2 (e.g., react.dev, developer.chrome.com) and references/message-passing-patterns.md even shows a background handler that does fetch(msg.url) for URLs received from messages, which means the agent ingests untrusted, user-supplied third‑party content that can affect runtime behavior.