design-token-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly imports user-provided design data from external sources (e.g., FigmaTokenImporter.ImportAsync and the POST /api/tokens/import endpoint), so it fetches and processes untrusted third‑party/user-generated content (Figma files) as part of its runtime workflow.