thunderbird-extension

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's documentation shows message_display_scripts with "matches": ["<all_urls>"] and example message_content.js that reads document.body.innerText and sends it to the background (messenger.runtime.sendMessage), which clearly ingests arbitrary public web content (untrusted/user-generated) as part of its processing workflow and could therefore allow indirect instruction injection.