v1.7.0 - Verify-links warning banner

What's new

A persistent amber warning banner is now pinned to the top of the popup, reminding analysts that Defender's URL verdicts ("No threat found") are not authoritative.

Why

Links that Defender marked as clean have been confirmed malicious in practice. The README already noted this, but a README warning is easy to forget — putting it inside the workflow itself makes it unmissable.

Recommendation

Treat every extracted URL as untrusted. Verify each one independently via a sandbox, URL scanner, or threat intel before acting on it.

Other

• Manifest version bumped to 1.7.0.

v1.6.0 — Initial public release

First public release.

• Scrapes the Email Details panel directly from security.microsoft.com.
• Auto-expands "View all" toggles to capture full URL and attachment lists.
• Unwraps Safe Links redirects to the original target.
• Defangs URLs, emails, and IPs (https -> hxxp, . -> [.], @ -> [@]).
• Attachments render as filename - threat per line.
• Threat URLs field gives a focused checklist of URLs marked anything other than No threat.
• Copy as text / CSV / JSON, or download CSV.

Install: download the zip, unzip somewhere stable, then Load unpacked at chrome://extensions.