design-system-governance-workflow

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt explicitly asks the user to provide Figma API tokens or allows pasting raw token JSON in the conversation and instructs the agent to use it (and to verify/authenticate), which requires the LLM to handle sensitive secret values in-context and creates a high risk those secrets could be echoed or embedded verbatim in outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The pipeline (run_pipeline.py and related scripts like export_figma_mcp_snapshot.py) explicitly loads external Figma MCP snapshots (from 2_figma-mcp-snapshot or FIGMA_MCP_VARIABLES_JSON) and can call the Figma REST API via fetch_figma_variables_via_rest to ingest variables from arbitrary Figma files, and that untrusted third‑party content is parsed and used to generate audits, proposed tokens, refactors, and code-sync outputs that materially influence subsequent actions.