fe-design-verify

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-authored Figma content (see SKILL.md workflow "Resolve the pair" and the vrt.mjs call to https://api.figma.com/v1/images/), and the agent is required to read/interpret those fetched images/metadata (diff.png/figma.png and node JSON) to decide pass/fail and next actions, so untrusted third-party content can materially influence behavior.