prototype-to-figma

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests user-supplied third-party content — it extracts a target Figma fileKey from a user-provided URL (SKILL.md Phase 0) and reads prototype source files (CSS/Tailwind/React trees) per Phase 1a, and then relies on those external, user-generated artifacts (the Figma file and code) to drive searches, component imports, and build/annotation actions in Figma, so untrusted content can materially influence tool actions.