figma-d3-react-ts

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md Step 3 and Step 2b) explicitly directs the agent to navigate to and scrape live public Observable notebooks (e.g., https://observablehq.com/...) using mcp1_browser_navigate / mcp1_browser_snapshot and to download/inspect image URLs from Figma via mcp1_browser_navigate, meaning it fetches and interprets untrusted public third‑party content that can materially influence subsequent coding and tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs the agent at runtime to navigate to and snapshot Observable notebooks (e.g., https://observablehq.com/@d3/line-chart) and to "read the D3 code cells", meaning external content from those URLs is fetched during runtime and injected into the agent's context to directly control implementation decisions — therefore this is a runtime external dependency that controls the agent's prompts/instructions.