figma-mcp-go

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill directly ingests and acts on arbitrary user-generated Figma file content via the plugin (e.g., get_design_context, scan_text_nodes, get_pages and other use_mcp_tool calls in the SKILL.md), and those file contents are read and used to drive edits and tool decisions, so untrusted third‑party content could influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The MCP configuration launches remote code at runtime via npx -y @vkhanhqui/figma-mcp-go@latest (which pulls and executes the @vkhanhqui/figma-mcp-go npm package), so the skill relies on fetching and running external code from that package.