fe-design-diff

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and consumes untrusted Figma content (SKILL.md describes parsing Figma URLs/node-ids and vrt.mjs calls https://api.figma.com/v1/images/... and reads node metadata/absoluteBoundingBox), and those external assets and metadata are used to resolve variants, set viewports, and drive pass/fail decisions—creating a clear vector for indirect prompt-injection via third-party Figma content.