next-theme-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's Design Intake workflow (Step 1: "Accept any of: Figma link, screenshot, PDF, or verbal description" and later "When a design is provided (Figma, screenshot, or description), map visual elements...") explicitly expects the agent to read and extract information from user-provided/third‑party design links/files (e.g., Figma), which are untrusted inputs that can materially influence theme-building decisions and actions.