moai-design-tools

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md and reference/figma.md explicitly require using Figma MCP to fetch file metadata, components, tokens and screenshots from Figma files (and the comparison docs reference the Figma Community), meaning the agent ingests user-generated third‑party Figma content and uses it to drive code/export decisions, so untrusted content could indirectly influence tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's MCP server configuration runs npx to fetch and execute remote packages at runtime (e.g., "npx -y @modelcontextprotocol/server-figma" with the referenced repo https://github.com/modelcontextprotocol/servers/tree/main/src/figma and the analogous pencil server), which means external code is fetched and executed as a required runtime dependency.