That is correct. You can not inject external scripts. You can fetch from a remote and inject through the content script though, but the content and service worker code is known at review time.

So you can still do everything you could before, but it’s not as hidden anymore