writing-vite-devtools-integrations

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's documentation and required setup explicitly allow loading arbitrary external web pages and resources into DevTools (e.g., the Quick Start iframe URL 'https://example.com/devtools' in SKILL.md and external icon/iframe URL examples in references/dock-entry-types.md), which means untrusted third-party pages can be fetched and run client code that can call RPCs or otherwise influence the plugin's behavior.