figma-connect
Warn
Audited by Snyk on Jun 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). In the required runtime workflow, the agent ingests Figma design content via MCP tools like
get_design_context(fileKey, nodeId)/get_screenshot(fileKey, nodeId)/get_variable_defs(fileKey, nodeId), where the Figma node’s text/code/annotations are outsider-authored (not by the operating user) and become LLM-readable context.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly uses user-provided Figma URLs (e.g., https://figma.com/design/abc123/... ) at runtime — calling MCP tools like get_design_context/get_variable_defs and CLI commands such as
npx figma connect create <figma-node-url>— and the fetched Figma content (including returned Code Connect snippets / reference code) is used as the primary implementation reference, meaning external content from figma.com can directly control prompts/output.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata