figma-extractor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly ingests and interprets user-provided Figma content (it triggers on figma.com URLs and calls get_metadata, get_design_context/get_variable_defs, use_figma scripts, and search_design_system per the SKILL.md), which are untrusted, user-generated third-party assets and the extracted data directly drives downstream decisions like token merging and component/property inference.