Is Dark Mode safe?

Legitimate dark theme extension with postMessage handler vulnerability lacking origin validation. Could allow malicious sites to trigger unintended dark mode application via cross-frame messaging. No data exfiltration.