figma-scan-code-accessibility

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (medium risk: 0.65). The skill ingests outsider-authored free text when the operating user supplies --html '<markup>' or a runtime file path whose contents are read via readFileSync(opts.file, "utf8"), and that HTML is then loaded into JSDOM and executed/parsed by axe (new JSDOM(fullHtml, ...) + window.axe.run(...)), so arbitrary outsider HTML can flow into the LLM context indirectly via the scan’s JSON output (e.g., offending node html/failureSummary).