design-to-code

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches Figma files via the fetch-figma step (node scripts/coderio-skill.mjs fetch-figma "https://figma.com/file/...") and then requires the fetched thumbnail/process images to be ATTACHed and read by the AI to generate structure/props/code, which exposes the agent to untrusted, user-provided third-party content from Figma.