figma-context-mcp-cached
Fail
Audited by Snyk on May 18, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.80). The prompt shows passing the Figma API key as a command-line argument (--figma-api-key=${FIGMA_API_KEY}) and includes examples of exporting FIGMA_API_KEY. This encourages embedding secrets in process arguments and configs, where they can be exposed in process lists or generated files, and could cause the LLM to output secret values verbatim if the variable is expanded, so it poses a substantial exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md shows runtime calls to figma_prepare_file and get_figma_data that fetch and parse Figma design files from https://www.figma.com/design/... (third-party, user-created content). The agent is expected to read this content and use it to drive actions such as generating CSS, Tailwind configs, and downloads, so untrusted content could inject instructions that change its behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The MCP is launched via npx, which fetches and executes the remote package @pactortester/figma-mcp-cached at runtime (npx @pactortester/figma-mcp-cached; see the package on npm: https://www.npmjs.com/package/@pactortester/figma-mcp-cached), so external code is retrieved and run as a required dependency.
Issues (3)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).