figma-design-pipeline

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill fetches and processes content from user-provided Figma URLs via the Figma REST API (e.g., "Figma data collection" / design-check Phase 2 screenshot capture and the figma-to-code phases), which are untrusted, user-generated third‑party sources that the agent reads and interprets as part of its workflow.