sunnyside-figma-context-mcp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill ingests user-generated Figma content via the Figma REST API and the plugin-bridge (e.g., the "Headless Asset Export from URL" flow using get_figma_data with a fileKey and the plugin endpoints that post extraction data to http://localhost:3333/plugin/*), and the SKILL.md shows the agent reads that data (get_JSON/get_figma_data) and uses it to generate code, migration instructions, and apply token changes—meaning untrusted third‑party content can materially influence tool use and actions.