component

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly calls get_design_context for arbitrary figma.com links (see SKILL.md "Figma Integration" and multiple action files such as references/actions/structure.md, dev.md, audit.md, review.md), ingesting user-provided Figma design content and using that content to map tokens and drive implementation/review decisions, which clearly exposes the agent to untrusted third‑party content that could enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill calls get_design_context at runtime for Figma links such as figma.com/design/... and injects the returned code/screenshot/hints into the agent's context to drive specs, implementation, and audits, so figma.com/design/... is a runtime external dependency that can directly control prompts.