design-implementation-reviewer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflow explicitly instructs the agent to open arbitrary URLs with "agent-browser open [url]" and to retrieve Figma files via the Figma MCP (Steps 1 and 2 of the Workflow), meaning it will ingest and act on untrusted, user-generated third‑party content to drive comparisons and remediation.