design-to-code

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's fetch-figma step downloads a user-supplied Figma file/thumbnail (open/public, user-generated content) and the SKILL.md workflow explicitly instructs AI tasks (structure-prompt, props-prompt, code-prompt) to READ/ATTACH that thumbnail and generated prompts so that Figma content directly informs component structure, props, and code generation—creating a clear vector for indirect prompt injection from third-party Figma content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's fetch-figma command downloads a Figma document from the provided URL (e.g., https://figma.com/file/...) at runtime, and the fetched processed.json/thumbnail are used to generate the structure/props/code prompts that directly control the agent's instructions.