moai-domain-figma

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill directly calls MCP Figma endpoints (e.g., mcp__figma__get_design_context, mcp__figma__get_variable_defs, mcp__figma__get_screenshot) to fetch Figma file content and variables (user-generated, third‑party design files) and then uses that content to generate code, tokens, documentation, and drive further tool calls, so untrusted external content can materially influence behavior.