writing-vite-devtools-integrations

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and Dock Entry Types sections explicitly show registering iframe dock entries with arbitrary URLs (e.g., Quick Start's url: 'https://example.com/devtools' and iframe examples) and include client-side examples that call/getDevToolsRpcClient and RPC handlers, so untrusted third-party pages loaded into those iframes can run scripts that invoke RPC/actions and materially influence tool behavior.