figma-design-tool-workflows

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to read and act on user-generated Figma files via the Figma MCP server (see SKILL.md "Figma MCP — The AI-Assisted Game Changer" and references/figma-mcp-ai-flywheel.md), meaning untrusted third‑party content from Figma is programmatically ingested and can directly influence generated code and downstream actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's runtime configuration explicitly invokes external packages via npx (e.g., "npx -y @anthropic/figma-mcp-server" and "npx -y figma-mcp-server") to run an MCP server that the agent depends on (fetching and executing remote code at runtime), and the webhook example posts to https://api.github.com/repos/OWNER/REPO/dispatches to trigger remote CI — both are runtime external dependencies that execute remote code and thus present a risk.