Framer Expert

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and README explicitly state the Framer MCP server will "access CMS collections and content" and "retrieve all components" from Framer projects (MCP Workflow Examples / MCP Connection), which requires the agent to fetch and interpret arbitrary user-generated project/CMS content that could materially influence actions.