frame

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill routinely calls MCP tools (e.g., get_design_context, get_variable_defs, get_figjam, get_code_connect_map) to fetch and interpret Figma file content and Code Connect snippets (see references/figma-mcp-server-ga.md noting wrappers), which are user-generated/untrusted and are used to drive extraction, mapping, and write decisions—allowing third-party content to materially influence agent behavior.