cursor-talk-to-figma-mcp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly reads and acts on user-generated Figma document content (e.g., via use_mcp_tool calls like "scan_text_nodes", "read_my_design", "get_annotations" shown in SKILL.md), so arbitrary third‑party text in those files can be interpreted and used to drive edits and tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's installation instructions explicitly fetch-and-execute remote install scripts (curl -fsSL https://bun.sh/install | bash and irm https://bun.sh/install.ps1 | iex), which download and run remote code as a required dependency (Bun) for the skill.