skills/codestate-cs/figma-to-design/figma-to-design-init/Snyk

figma-to-design-init

Warn

Audited by Snyk on Apr 8, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.80). This skill optionally fetches Figma Variables from a user-provided Figma file URL via the Figma MCP ("Step 5d: Import Figma Variables"), which imports arbitrary user-generated third-party content that will be merged into design tokens and can materially change downstream behavior.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 8, 2026, 09:11 AM

Issues

1