figma-generate-library
Warn
Audited by Snyk on May 19, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's Phase 0 and Library Discovery instructions explicitly require calling get_libraries and search_design_system (see SKILL.md Phase 0 step 0c and Section 5 "Library Discovery and search_design_system") to read components/variables from subscribed and community libraries (public/user-contributed), and those search results are used to decide reuse/import vs. rebuild and to scope subsequent actions, so untrusted third‑party content is fetched and can materially influence the agent's decisions.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata