figma-sync

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly connects to a user-provided Figma file URL and ingests design tokens and component data from that third-party (user-generated) Figma file, which the agent reads and acts on to drive comparisons, fixes, and visual baseline updates, creating a clear vector for indirect prompt injection.