browser-extension-developer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The extension's background.js and popup.js fetch and consume responses from a configurable webhookUrl (e.g., background.js posts user chatInput to the webhook and uses response.arbiter_decision and response.sanitized_input), meaning it ingests arbitrary third-party webhook responses and acts on them, exposing the agent to untrusted external content that could carry indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The extension's background worker performs a runtime fetch to the configured webhook URL (default: http://localhost:5678/webhook/default) and uses the returned JSON fields like arbiter_decision and sanitized_input to directly control whether to submit, sanitize, or block user prompts, making this external endpoint a required runtime dependency that controls agent behavior.