Skills
skills/southleft/figma-console-mcp-skills/figma-blame-node/Snyk

figma-blame-node

Warn

Audited by Snyk on Jun 13, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). The skill fetches Figma REST API JSON at runtime (e.g., /v1/files/{fileKey}/nodes and /v1/files/{fileKey}/versions), and those responses are outsider-authored content (other users’ version labels/metadata and document structure) that the script parses into LLM-readable JSON output/context.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 13, 2026, 03:56 AM
Issues
1
Security Audit — snyk — figma-blame-node