figma-design-handoff

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow and examples explicitly fetch and ingest Figma file content via the Figma REST API (e.g., https://api.figma.com/v1/files/${fileKey}/variables/local and /component_sets in rules/figma-variables-tokens.md and rules/figma-component-specs.md) and use the Applitools Figma Plugin to overlay production screenshots on Figma frames (references/applitools-figma-plugin.md), meaning untrusted user-generated design content is read and can materially influence token generation, spec extraction, and automated test actions.