Chrome Extension Development with WXT

This skill is an instruction-only developer guide for WXT-based extensions and appears coherent with that purpose. It does not request credentials or install code on its own, but follow these precautions before using the workflow it describes: - Review package sources/templates before running npm create/npm install — npm packages bring third-party code into your project. Prefer official wxt templates or inspect the template repository. - Check manifest permissions generated for the extension. Avoid broad host_permissions or <all_urls> unless strictly needed; excessive permissions increase risk to users. - Be careful with defineWebExtConfig options like keepProfileChanges and chromiumProfile/firefoxProfile: pointing to your real browser profile or enabling persistent changes will expose cookies, logins, and stored data to the test extension. Use throwaway profiles or CI-specific profiles when testing. - Do not hardcode API keys or secrets in source; follow the references' advice to store secrets in browser.storage and protect them appropriately. - When packaging or publishing, inspect the final build (.zip) and manifest for unexpected permissions or network endpoints. - If you need higher assurance, run builds and template installs inside an isolated environment (container/VM) and audit node_modules or run dependency-scanning tools. Overall, the skill is internally consistent and useful for extension development; the main risks are the normal developer-side privacy and supply-chain concerns inherent to npm-based web development, not anything anomalous in the skill itself.