"can read, modify and transmit content"

[keirthomas]

No idea if this is new but Safari is now warning me that this extension "can read, modify and transmit content from all webpages. This could include sensitive information like passwords, phone numbers, and credit cards."

[arnoappenzeller]

This was added in Safari 10 for the new native extensions. In fact any browser extension could do this since it has access to the data of the current and could inject a malicious script that extracts for example phone numbers if you are on your iCloud contacts.

PiPifier is open source so everyone can check the app for malicious content, in addition there is AppReview for this and you can also check out every script inject by any extension using the web inspector.

All in all I would advice to only install browser extensions from trustworthy sources