fe-design-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and LLM-processes untrusted user-generated content from GitHub/JIRA issues (body, comments, attachments) and Figma metadata (SKILL.md workflow steps 1–2 and gate-prompt.md), and uses the resulting intent/component decisions to drive subagent calls and open/update PRs, so third-party content can materially influence agent actions.