component

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly parses figma.com URLs and calls get_design_context on the Figma MCP (see SKILL.md and multiple action files like references/actions/spec.md, dev.md, review.md, audit.md), ingesting designer-provided Figma content which the agent reads and uses to drive specs, implementation choices, reviews, and audits—exposing it to untrusted third‑party (user-generated) content that can influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill makes runtime calls to Figma MCP (e.g., figma.com/design/:fileKey/:fileName?node-id=:nodeId) via get_design_context to fetch design code/screenshots/hints that are injected into the agent's context and used to drive specs/audits (Figma-audit mode refuses to proceed without it), so this runtime external URL can directly control prompts.