figma-implement-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests user-provided Figma content via the Figma MCP server—calling get_design_context, get_screenshot, get_metadata and downloading assets from the MCP/assets endpoint using user-supplied Figma URLs or node IDs—so it reads untrusted, third-party (user-generated) content as part of its workflow.