moai-design-systems

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's examples and workflow (examples.md "Figma Integration" and reference.md "Link-Based" workflow) explicitly instruct the agent to fetch and extract design tokens from external Figma file URLs (user-generated third-party content), which the agent reads and uses to drive transformations and actions, creating a clear risk of indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's Figma MCP workflow and configuration cause runtime fetching/execution of external content—e.g., prompting extraction from a Figma file URL (https://figma.com/file/...) and calling the remote MCP endpoint (https://mcp.figma.com/mcp) and even running an npx-installed MCP server—so external content/code fetched at runtime can be injected into prompts or executed.