content-script-developer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly instructs content scripts to scrape and read host web pages' DOM (e.g., "scraping or reading page state" and the MutationObserver observing document.body), so the agent will consume untrusted third‑party page content and user-generated data.