code-connect-components

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required Step 1 calls get_code_connect_suggestions which fetches component info (names, properties, and thumbnail images) from a user-provided Figma URL or the Figma MCP desktop selection (the Figma scenegraph), so it ingests untrusted third-party user-generated content that the agent reads and uses to decide searches and mapping actions.