pp-figma

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's SKILL.md explicitly instructs agents to fetch and ingest live Figma content (e.g., "figma-pp-cli files <file_key>" returns the file JSON, "frame extract" returns a compact payload for codegen, and "webhooks test" fetches /v2/webhooks/{id}/requests and replays payloads), which are untrusted/user-generated third-party sources that the agent is expected to read and can materially influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill requires installing and running a remote CLI at runtime (e.g., go install github.com/mvanhorn/printing-press-library/library/productivity/figma/cmd/figma-pp-cli@latest and npx -y @mvanhorn/printing-press install figma --cli-only), which fetches and installs/executed remote code that the skill depends on, so these URLs constitute a runtime external dependency that can execute code.