design-tokens-extraction

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to fetch and parse user-created design files from external MCP servers (e.g., Figma via get_file/get_styles/get_local_variables, Sketch via get_document/get_shared_styles/get_color_assets, and Penpot via get_file/get_components), which are untrusted third-party design content that the agent reads and uses to drive extraction/normalization and output decisions, creating a clear avenue for indirect prompt injection.