design-language

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and stages external sources (e.g., "Live URL" via mcp__plugin_chrome-devtools-mcp_chrome-devtools__navigate_page + take_screenshot and "Figma URL" via mcp__plugin_figma_figma__get_screenshot and get_metadata) and runs a sub-agent that extracts and interprets those public/web-sourced artifacts as inputs to proposed diffs and review decisions (see "Step 1: Stage the source artifact" and the "Sub-agent prompt"), so untrusted third‑party content can directly influence the agent's decisions and next actions.