frame

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and consumes user-provided Figma file content (e.g., get_design_context, get_variable_defs, get_figjam, get_code_connect_map with file_url="https://figma.com/file/XXX") as required by the SKILL.md workflow and reference docs (execution-templates.md, figma-mcp-server-ga.md, code-connect-guide.md), and that untrusted third‑party content is used to drive mapping, generation, and write/sync actions that can materially change subsequent tool behavior.