webext-core

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md shows content scripts and injected scripts reading page data from arbitrary webpages (e.g., onMessage('getPageData') returning document.title and location.href and using sender.tab?.url in onMessage('pageAction')), meaning it ingests untrusted third-party page content that can influence message handling and action decisions.