Frame

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the skill's required workflow explicitly calls MCP tools that fetch user-authored Figma/FigJam content (e.g., get_design_context(file_url="https://figma.com/file/XXX"), get_figjam, get_code_connect_map shown in references/execution-templates.md and references/figma-mcp-server-ga.md), and those untrusted/third‑party artifacts (including Code Connect snippets/custom guidance) are read and used to make mapping/extraction/sync decisions, so they could carry indirect prompt-injection instructions.