pix-storybook

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill asks the user for a Figma link and directly calls Figma MCP endpoints (figma_get_metadata, figma_get_design_context, figma_get_variable_defs, figma_get_screenshot, etc.) to fetch and interpret external Figma design data, which is untrusted third-party/user-provided content and is read as part of the workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill asks the user for and at runtime fetches a Figma design URL (e.g., https://figma.com/design/abc123/MyApp?node-id=42-100) via figma_get_* calls, and that external design content directly drives the agent's component-generation instructions and decisions.