figma-component-sync

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests a user-provided Figma URL and runs MCP extraction calls (get_metadata, get_design_context, get_variable_defs, get_screenshot) as described in the "Extract Design Data via MCP" workflow, so untrusted third-party Figma content can be read and drive code-generation decisions.