Is Prompt Security Browser Extension safe?
This security report analyses whether Prompt Security Browser Extension is safe to install in your browser. It checks the extension for malicious behaviour, data exfiltration, suspicious permissions, and known vulnerabilities so you can decide whether it is safe for your personal or enterprise fleet.
Enterprise DLP tool that monitors AI chat inputs to prevent data leakage. CRITICAL: externally_connectable allows ANY website to invoke extension APIs (callProtectApi, callMcpApi) without origin validation. The extension intercepts user input to AI platforms and transmits it to Prompt Security servers.
AI-generated. Findings may contain errors. Those marked Verified have been manually reviewed.
Findings
Wildcard externally_connectable allows any website to invoke DLP scanning APIs using corporate credentials
manifest.json lines 28-33 set externally_connectable matches to ["http://*/*","https://*/*"]. background.bundle.js at the onMessageExternal.addListener block (offset ~97862) exposes six message handlers: callProtectApi, callProtectApiForResponse, callProtectFileApi, callShouldInspectChat, addLog, callMcpApi. Any third-party website can call chrome.runtime.sendMessage('iidnankcocecmgpcafggbgbmkbcldmno', {message:'callProtectApi', ...}) and the background script will process it, forwarding content to the Prompt Security API using the corporate APP-ID key stored in chrome.storage.
All user prompts sent to every AI platform are transmitted to Prompt Security's external backend
background.bundle.js function R (offset ~66749) builds a POST request to `${apiUrlPrefix}/api/protect` with body containing: prompt text (user-entered), user email (from chrome.identity), extension_data (full context object), conversation_id, prompt_response_id, url, domainType, isEnterpriseVersion, agentId, appUserEmail. The APP-ID corporate key is in the Authorization header. Function E() (offset ~59815) resolves apiUrlPrefix from managed schema apiDomain. This fires on every AI prompt submission across 23+ monitored AI platforms via XHR/fetch hooks in script.bundle.js.
postMessage relay in content script uses wildcard target origin, exposing DLP scan results to any co-resident script
content.bundle.js offset ~14255 registers window.addEventListener('message', ...) that forwards FROM_PAGE messages to background via chrome.runtime.sendMessage and posts the response back with window.postMessage({type:'FROM_BACKGROUND', ...}, '*'). The wildcard '*' target origin means any script on the same page (e.g., injected via XSS on ChatGPT) can receive DLP scan results. script.bundle.js offset ~14951 sends the FROM_PAGE messages using Math.random().toString(36) + Date.now() as messageId — weak entropy, vulnerable to racing.
+3 more findings not shown