firefox-extension

Fail

Audited by Snyk on May 6, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt includes an explicit insecure pattern: examples of passing API keys/secrets as command-line arguments (web-ext sign --api-key $KEY --api-secret $SECRET) and plaintext example environment variables. It could therefore require or encourage embedding secret values verbatim in outputs or commands.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md shows the extension is designed to inject and run code on arbitrary web pages (e.g., Manifest V3 content_scripts with matches ["https://*/*"], MV2 permissions "https://*/*", host_permissions, and examples using browser.scripting.executeScript, tabs.create, and runtime.onMessageExternal), which clearly ingests untrusted public web content that could influence runtime actions.

Issues (2)

W007 (HIGH): Insecure credential handling detected in skill instructions.

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: HIGH
Analyzed: May 6, 2026, 08:53 AM
Issues: 2
Security Audit — snyk — firefox-extension