design-to-code-bridge

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly instructs the agent to fetch and parse user-provided Figma designs via get_design_context/get_metadata/get_code_connect_map (processing screenshots, code, and metadata from arbitrary Figma URLs), which are untrusted third-party/user-generated content that the agent must interpret and that can materially influence subsequent code-generation and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs fetching files from the Tiger Data GitHub repo at runtime (e.g., https://github.com/timescale/timescale-website/blob/main/src/config/tailwind/colors.js) and those fetched files (colors.js, breakpoints.ts, tailwind.config.ts, types.ts, constants.ts, README.md) directly determine generation rules and mapping logic, so they are runtime external dependencies that control the agent's prompts/instructions.