figma-audit
Warn
Audited by Snyk on Jul 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). SKILL.md describes a runtime workflow that reads a Figma file’s pages/components/variables (e.g., via
figma_get_variables,get_design_context,figma_get_component_details), which are outsider-authored design content and would be ingested as free text/metadata into the agent’s LLM context for analysis.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata