figma-code-connect

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and parse arbitrary Figma URLs and to call MCP tools (get_code_connect_suggestions and get_context_for_code_connect) to ingest published component data from Figma (a third‑party, user-created design service) and then uses that content to drive template generation and tool actions (Steps 1–3 in SKILL.md), so untrusted external content can materially influence the agent's behavior.