design-spec

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly auto-routes and extracts context from user-provided Figma URLs (e.g., "figma.com/design" or "figma.com/file") and from screenshots/wireframes, meaning it fetches and interprets untrusted third‑party/user-generated content (Figma files) which will directly influence subsequent tool actions and spec generation.