d2c-build-flow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and parses external Figma files/frames (e.g., via mcp__figma__get_metadata and get_design_context called in Phase 1 runtime procedure, Phase 1b sibling detection, and Phase 2a Step 2), treating user-provided/untrusted Figma frame and prototype metadata as authoritative input that directly shapes edges, routes, mode detection, state variants, and generated actions—so third-party content can materially influence behavior and enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill fetches Figma frame URLs at runtime (e.g., https://www.figma.com/design/abc/Onboarding?node-id=1-2) via the Figma MCP calls to obtain metadata/screenshots that directly drive parsing, mode detection, IR generation and codegen, so external content from figma.com controls the agent's behavior.