qa-test-planner

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts and processes Figma URLs (see SKILL.md and README examples like "Compare the login page against the Figma design at [URL]" and the Figma MCP integration described in references/figma_validation.md), which fetches and interprets untrusted third‑party design content that can materially change generated test cases/bug reports and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill explicitly describes extracting design specifications at runtime from Figma URLs via a configured Figma MCP server (e.g., Figma file URLs like https://www.figma.com/file/...), which would inject remote design data into the agent's context and directly control generated prompts/validation, so this is a runtime external dependency.