How would this work? They are injecting CSS into your page, but you can't inject anything into the extension UI from a website. The only thing you could do would be to emulate the extension UI in your website, but for that you don't need to inject anything. You can just copy the design.
The article mentions they inject a web component. I imagine a bad actor could add something to that. In this case at the very least the author could add an "I hacked your Grammarly extension" text just via CSS, but I'm sure you can go much further, even more so with other extensions (e.g. password managers).
But you could also just add your own lookalike web component to your page that looks like the Grammarly one. If people enter credentials there, it's user error.