figma-design-sync

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly requires using the Figma MCP to fetch and extract specs from arbitrary Figma URLs and to open arbitrary web pages with the agent-browser (screenshots/snapshots), so untrusted/public, user-generated third-party content is ingested and directly drives code-change and decision-making.