figma-generate-personal-token

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill requires extracting plaintext FIGMA_USERNAME/FIGMA_PASSWORD from script output and inserting them into agent-browser fill commands, and it passes the retrieved FIGMA_TOKEN as a command-line argument (--save "$TOKEN_VALUE"), which forces the agent to handle and emit secrets verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly opens and interacts with Figma's public webpages (e.g., https://www.figma.com/login and https://www.figma.com/settings) and uses snapshots, DOM evaluation, and page text to decide clicks and form-filling, so third-party page content is read and can directly influence the agent's actions.