browser-extension-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's documentation instructs using content scripts that run on web pages (e.g., content/content.js with manifest matches like "<all_urls>" and examples that read document.querySelector('.data')?.textContent), which means the extension will ingest untrusted public web page content that can be read and acted on by the agent's workflow.