Third-party extension risks