Enter your manifest file first. Then hit parse. The manifest will be parsed in order to suggest the different components of your extension. To specify the code of a component, add the code to the text editor and simply hit the name of the component. When the code of a component is provided, then the component is colored in green. When you are done hit the "Analyze Extension" button to analyze the communication APIs of your extension. At the end of the analysis, sensitive APIs that can be potentially escalated will be displayed in the editor
This tool will not analyze dynamically injected content scripts.
In case you have trouble using the online version (thanks John for the report), a command line and complete version of the tool can be found here. All you need is Node.js