figma-mcp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL explicitly instructs the agent to fetch and ingest structured design data from user-provided Figma URLs (via get_figma_data, get_figma_variables, get_figma_components in SKILL.md and setup-guide.md), which are untrusted, user-generated third‑party files that the agent reads and uses to drive code-generation decisions, so they could carry indirect prompt-injection content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill depends on a Figma MCP server that is run at runtime (the setup explicitly recommends the community server at https://github.com/GLips/Figma-Context-MCP and shows an npx invocation that fetches/executes remote code), so this external URL/package is a runtime dependency that executes remote code.