figma-implement-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill requires the agent to fetch and ingest user-provided Figma content (e.g., Figma URLs like https://figma.com/design/... and node IDs) via required MCP calls such as get_design_context, get_screenshot, and asset downloads from the Figma MCP server, and explicitly uses that untrusted, user-generated content to drive implementation decisions and next actions (Steps 1–4 in SKILL.md).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill requires runtime fetching of user Figma data (e.g., URLs like https://figma.com/design/:fileKey/:fileName?node-id=...) via the configured MCP endpoint (http://127.0.0.1:3845/mcp), and the get_design_context / get_screenshot responses are injected into the agent context and used to drive prompts and code generation, so these runtime URLs directly control agent behavior.