figma-annotations

Warn

Audited by Snyk on Jun 13, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (medium risk: 0.65). The required runtime workflow reads existing node annotations via scripts/get-annotations.js. Those annotations are designer-authored free text that may have been written by an outsider (e.g., other collaborators’ notes), and they are ingested into the agent’s LLM context through the script’s returned annotations[].labelMarkdown/label fields.


Audit Metadata

Risk Level: MEDIUM
Analyzed: Jun 13, 2026, 03:56 AM
Issues: 1