figma-connect

Warn

Audited by Snyk on Jun 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). In the required runtime workflow, the agent ingests Figma design content via MCP tools like get_design_context(fileKey, nodeId) / get_screenshot(fileKey, nodeId) / get_variable_defs(fileKey, nodeId), where the Figma node’s text/code/annotations are outsider-authored (not by the operating user) and become LLM-readable context.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly uses user-provided Figma URLs (e.g., https://figma.com/design/abc123/... ) at runtime — calling MCP tools like get_design_context/get_variable_defs and CLI commands such as npx figma connect create <figma-node-url> — and the fetched Figma content (including returned Code Connect snippets / reference code) is used as the primary implementation reference, meaning external content from figma.com can directly control prompts/output.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 16, 2026, 03:25 PM
Issues
2
Security Audit — snyk — figma-connect