apply-design-system

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs using Figma's search_design_system and direct inspection/import of library files (see "Required Workflow" step 5 and related use_figma/importComponent instructions), which can return community or team library files (user-generated/untrusted) that the agent must read and use to choose variants and perform swaps, allowing third-party content to influence decisions and tool actions.