using-figma

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The required workflow uses Figma Dev Mode MCP read tools (e.g., get_metadata, get_variable_defs, get_design_context) on a user-provided Figma URL, so the LLM ingests outsider-authored free text/content from the referenced Figma file (layers, strings, tokens) that the operating user did not author.