figma-to-html

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs embedding the Figma personal access token into curl headers and CLI arguments (and asks the agent to read tokens from user input or .env), which requires the LLM to handle and potentially output secret values verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly calls the public Figma APIs and downloads file/layer data (see SKILL.md Step 2 and Step 3 and the scripts which call https://api.figma.com/v1/files/... and https://api.figma.com/v1/images/...), and it uses layer names and fetched content to select nodes and drive conversion/download actions, so arbitrary user-generated Figma content can materially influence the agent's decisions and tool use.