design-compare

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches Figma content from third-party URLs (SKILL.md Step 1 calling mcp__figma__get_screenshot and the scripts/export-figma-node.sh which calls https://api.figma.com), then requires the agent to "read/view both images" and analyze them (SKILL.md Step 2) to drive comparison results and suggested fixes, so untrusted user-generated Figma content can directly influence the agent's decisions and outputs.