peach-team-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public Figma files as part of its required UI workflow (see references/figma-workflow.md and fullstack-workflow.md which call ToolSearch → mcp__FigmaRemote__get_figma_data(url=...) to extract Figma data), and those user-generated third-party designs are parsed and used to drive UI/code generation—so untrusted content could materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly calls a runtime tool to fetch Figma design files (e.g., mcp__FigmaRemote__get_figma_data(url="https://www.figma.com/file/[FILE_ID]/[FILE_NAME]")), and that fetched content is injected into agent prompts to drive UI generation, so this external URL is used at runtime and directly controls agent instructions.