design-to-code

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts images via "upload or URL" in the Commands section ("/design-to-code" step 1) and integrates with external design sources (e.g., Figma exports), meaning it ingests untrusted, user-provided third-party content (arbitrary URLs/files) which the agent directly analyzes and uses to drive code-generation decisions.