web-design-expert

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Design-to-Code workflow and tooling docs (references/tooling-integration.md) explicitly instruct the agent to ingest and extract data from external Figma file URLs via a Figma MCP and to search external UI patterns via the 21st_magic_component_inspiration MCP, which are untrusted third‑party/user-generated sources that the agent is expected to read and act upon when building components and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's Figma MCP workflow explicitly requires a designer-provided Figma file URL at runtime and the MCP extracts and injects design data from that external file into the agent's context (i.e., the "Figma file URL"), which can directly control the agent's prompts/outputs.