figma-console-mcp-design-system-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly fetches and ingests user-generated Figma content (e.g., via figma_get_file, figma_export_tokens, figma_get_local_variables, figma_watch_document and related tools shown in SKILL.md) and then uses that content to drive token merges, component creation, imports, and other actions, so untrusted third‑party content can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill invokes "npx -y figma-console-mcp@latest" (https://www.npmjs.com/package/figma-console-mcp), which fetches and executes remote npm package code at runtime and is required for the MCP server functionality, so it is a runtime external dependency that executes remote code.