develop-userscripts

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly documents and requires use of web-facing features—e.g., GM_xmlhttpRequest with @connect hosts, @updateURL/@downloadURL and subscription @scriptUrl entries (see SKILL.md and references/metadata-and-api-map.md and references/scriptcat-extensions.md)—which cause userscripts to fetch and execute or act on arbitrary public web content that can change runtime behavior.