d2c-init

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Yes — Step 5g ("Import Figma Variables") explicitly fetches and ingests variable definitions from a user-provided Figma file URL (third-party, user-generated content) and merges/flags them in the generated design-tokens.json, which can materially alter token selection and downstream tool behavior.