create-component

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly fetches and ingests designs from public Figma URLs—calling the plugin-figma-figma MCP tool (get_design_context) as described in SKILL.md Step 2.3 and references/figma-design-rules.md—and then uses that untrusted third-party content to determine HTL structure, CSS, JS, and proposed dialog fields, which could allow indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill fetches user-provided Figma URLs (e.g., https://www.figma.com/design/… ) at runtime via the plugin-figma-figma get_design_context tool and ingests the returned React/Tailwind code and design tokens to drive the agent's generated HTL/CSS/JS structure, so the remote Figma content directly controls the agent's outputs.