wxt

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly defines content scripts that run on arbitrary public pages (e.g., defineContentScript with matches like ':///*'), shows injecting/reading page scripts via injectScript('/page-script.js') and cross-world CustomEvent communication, which means the agent/extension will ingest and act on untrusted third-party page content that can influence runtime behavior.