figma-implement-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill requires and ingests arbitrary user-provided Figma content (via user-supplied Figma URLs) and explicitly runs get_design_context, get_screenshot, get_metadata and downloads assets from the Figma MCP server, which the agent reads and uses to drive implementation decisions—exposing it to untrusted third-party content that could carry indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill requires and at runtime fetches user-provided Figma design URLs (e.g., https://figma.com/design/:fileKey/:fileName?node-id=1-2) via the Figma MCP server using get_design_context/get_screenshot, and the returned design payload is injected into the agent's context to directly control implementation instructions, making it a required external dependency.