lf-specs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly asks the user for Figma URLs (Passo 3) and then calls the Figma MCP plugin (mcp__plugin_figma_figma__get_metadata and mcp__plugin_figma_figma__get_design_context in Passo 4) to fetch and interpret design content, which is user/third‑party generated and is incorporated into generated briefings, SPECs and WPs and can change decisions and next actions (e.g., adding Figma references, noting divergences), so it consumes untrusted third‑party content that can influence agent behavior.