xfive-figma-to-wordpress

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md Procedure overview step 1 and Prerequisites) instructs the agent to fetch and extract Figma designs from a user-provided Figma URL via Figma's MCP/API — untrusted, user-generated third-party content that the agent must read, analyze, and act on to generate plans and implement WordPress code, allowing indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly requires reading a user-provided Figma design via Figma's MCP/API (e.g., https://www.figma.com/file/...) at runtime and uses the fetched design content to drive planning and implementation, so this external URL directly controls the agent's instructions and is a required dependency.