design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly ingests and acts on arbitrary public URLs and user-provided design files — e.g., the /site-to-figma command "Capture a live website and recreate in Figma" and the /figma and /design-review commands accept Figma URLs and preview servers, so untrusted third‑party content is fetched and used to drive tooling and decisions.