figma-generate-changelog

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The skill calls Figma REST endpoints at runtime (e.g., /v1/files/{fileKey}?version=... and /v1/files/{fileKey}/nodes?...) and then renders fields like page/component names, descriptions, labels, and user handles into markdown that is fed into the agent’s LLM context; these strings originate from the Figma file’s historical content authored by other people (outsider-authored free text).