implementing-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The INSTRUCTIONS.md explicitly requires fetching and ingesting content from third-party Figma files via Figma MCP calls (e.g., get_design_context, get_screenshot, get_metadata using Figma URLs/fileKeys) and also documents using plugins that pull public/user-generated content (Unsplash, Content Reel, Google Sheets Sync), and that ingested content is used to drive code-generation, mapping, and implementation decisions—so untrusted external content can materially influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires contacting the Figma MCP endpoint at https://mcp.figma.com/mcp at runtime (it instructs usage of MCP tools like create_design_system_rules and to include MCP-generated rules in prompts), so fetched content from that URL is used to directly control agent prompts and code-generation workflows.