figma-implement-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and ingests user-provided Figma files via the Figma MCP server (see SKILL.md Step 2: run get_design_context and Step 3: get_screenshot using user-supplied Figma URLs), so arbitrary third-party/user-generated design content can be read and directly influence code-generation and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires and calls the Figma MCP server at runtime (https://mcp.figma.com/mcp) via tools like get_design_context and get_screenshot, and the returned content is injected into the agent's workflow to directly control prompt-driven code generation and implementation decisions.