qa-test-planner

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and validates external Figma design files via user-provided Figma URLs (see "Compare the login page against the Figma design at [URL]" and the Figma MCP integration/figma_validation.md sections), meaning the agent will ingest and interpret untrusted third-party content.