develop

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests designs and component data from the Subframe MCP (e.g., get_page_info with "https://app.subframe.com/PROJECT_ID/design/PAGE_ID/edit" and related MCP tools), which are user-generated/untrusted third-party assets that the agent must read and act on to implement code—allowing those external contents to influence tool use and decisions.