design-implementation-reviewer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly opens and screenshots arbitrary live URLs via the agent-browser (agent-browser open [url], screenshot) and retrieves Figma files via the Figma MCP, so it ingests and interprets content from third-party/public sources as part of its workflow.