figma-code-connect

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests design content from user-supplied Figma URLs (see SKILL.md Steps 1–3 calling the MCP tools get_code_connect_suggestions and get_context_for_code_connect) and then reads/interprets instance.executeTemplate() results and property values (references/api.md and advanced-patterns.md) as part of its template-creation workflow, meaning untrusted, user-generated third‑party content can materially influence decisions and tool actions.