web-to-figma-chrome-extension

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The extension injects content scripts on "<all_urls>" (manifest.json) and capture.js recursively extracts text nodes, styles, and images (with background.js proxy fetching arbitrary image URLs), so it ingests untrusted public webpage content at runtime which could carry embedded instructions that influence downstream processing.