wxt

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's documentation and required workflows instruct creating content scripts (defineContentScript) that run on arbitrary sites (matches: ['<all_urls>'] or ':///*') and mount UIs that run in the page context (createIntegratedUi / createShadowRootUi can access page DOM and variables), meaning untrusted, user-controlled webpage content is ingested and can influence extension behavior.