design-screen

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and interprets user-supplied Figma files (figma.com URLs) as part of normal workflow—calling get_design_context during spec and using the Figma MCP/use_figma flow in craft (see references/actions/spec.md and references/actions/craft.md)—so untrusted, user-generated Figma content can materially influence component mapping, coverage calculations, and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill accepts figma.com design URLs at runtime (e.g., figma.com/design/:fileKey/...) and calls get_design_context / use_figma to fetch the remote Figma file which is then injected into the agent's compose/craft flow to drive layout mapping and spec generation, so the external Figma content directly influences the agent's prompts/decisions during runtime.