An extended public key, or xpub, is a public key which can be used to derive child public keys as part of a Hierarchical Deterministic (HD) wallet. An extended public key is mainly used by a wallet behind the scenes in order to derive keys.
Sharing your xpub with trusted services does enable several use cases, however, it should not be given out to anyone you don’t trust, as anyone who knows your xpub can derive all of your public keys and therefore see every past and future transaction you make. Extended public keys are useful in order to receive bitcoin directly to a cold storage wallet, as a user can keep their xpub online in order to generate new addresses while their private keys remain offline.
An xpub cannot derive any private keys, so no funds are at risk if your xpub is leaked, however your privacy will be compromised. All xpub keys will begin with the letters ‘xpub’ followed by a long string of letters and numbers.