figma-use-figjam

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to call get_figjam and to read FigJam file node contents (e.g., "get_figjam returns the full node tree as XML" in SKILL.md and many references that read node.text.characters / cell data), which means it ingests user-generated, potentially untrusted FigJam file content and then uses that content to drive actions (naming, positioning, creating or modifying nodes), enabling indirect prompt-injection via file contents.