frontend-setup

Warn

Audited by Snyk on Mar 10, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly adds a Figma MCP ("claude mcp add --transport http figma https://mcp.figma.com/mcp") and says "Figma design layers → code conversion (Figma login required)", indicating the agent will fetch and interpret user-generated Figma content (and also installs code from public GitHub URLs, such as serena), which can materially influence the generated code and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The MCP setup command clearly fetches and runs remote code at runtime: "claude mcp add serena uvx -- --from git+https://github.com/oraios/serena serena start-mcp-server" pulls from git+https://github.com/oraios/serena and then invokes the fetched server (executing remote code), making it a required runtime dependency.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 10, 2026, 03:09 PM