figma-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md extraction workflow explicitly instructs the agent to fetch and ingest Figma content via MCP (Level 1/2), the Figma REST API (Level 3: GET /v1/files/{file_key}/nodes), and user-provided screenshots (Level 4), which are untrusted, user-generated third-party sources that the agent must read and whose contents drive downstream decisions, so indirect prompt injection is possible.