ux-writing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's integration docs and workflows (docs/claude-figma-integration.md and docs/codex-figma-integration.md and SKILL.md) explicitly instruct the agent to fetch and extract text from Figma frame links (public/user-created third‑party content), which the agent then reads and acts on (audit, rewrite, apply patterns), exposing it to untrusted user-generated content that could carry indirect prompt-injection instructions.