Bidirectional Design Token Sync

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches and parses user-owned Figma files via the Figma API (see SKILL.md setup and code using client.getFile/getFileVariables and the "Figma file URL" input), and then interprets those variables/styles to drive drift detection, conflict resolution, and automated updates—meaning untrusted, user-generated third‑party content can materially influence decisions and actions.