anima-hello-world

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Step 1 (SKILL.md) calls anima.generateCode with a Figma fileKey and figmaToken, which fetches user-owned Figma content (untrusted, third-party user-generated data) that the agent reads to generate and write code and then integrate into a project, so that external content can materially influence subsequent actions.