implementing-figma-ui-tempad-dev

Warn

Audited by Snyk on Feb 18, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly calls tempad-dev:get_code, get_structure and get_screenshot from the TemPad Dev MCP to ingest Figma/TemPad design outputs (code, tokens, assets and TemPad asset URLs), meaning it reads arbitrary user-provided third-party design content and assets as authoritative evidence and could therefore be exposed to indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill requires TemPad Dev MCP at runtime (calls tempad-dev:get_code and may download TemPad asset URLs via asset.url or resourceUri) and uses the returned code/assets as authoritative input that directly controls the agent's outputs, so these TemPad-provided URLs are a runtime control risk.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 18, 2026, 05:22 PM