figma-plugin

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill includes explicit examples that the plugin UI and manifest can load and execute external web resources (e.g., Google Fonts and jsDelivr in references/ui-patterns-and-resources.md and the manifest "networkAccess" allowedDomains in project-structure-and-build.md / development-testing-and-publishing.md), meaning the plugin's iframe can fetch and run arbitrary third‑party content that the agent/UI will read or act on.