figma-implement-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill requires user-provided Figma URLs and explicitly instructs the agent to call get_design_context, get_screenshot, get_metadata and to download assets from the Figma MCP server (Figma files/URLs), meaning it ingests untrusted public Figma content that the agent reads and uses to drive implementation decisions.