Its a "tool call" definition in their code named 'execute_javascript', which takes in a "code" parameter and executes it. The code here being provided by the LLM which is not sitting locally. So that code is not present "in the plugin binary" at the time when chrome store team is reviewing it.
I'd very curious to know how they managed to deal with this then. There's always the option of embedding quickjs-vm within the addon (as a wasm module), but that would not allow the executed code to access the document.