figma-node-fetcher

Warn

Audited by Snyk on Mar 8, 2026

Risk Level: MEDIUM

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). This skill's runtime (scripts/figma_fetch.py; functions such as fetch_node/fetch_image and cmd_fetch/cmd_fetch_batch) fetches JSON and images from the public Figma API using user-supplied Figma URLs (with node-id). Figma file contents are user-generated, untrusted third-party content; the agent reads them and returns them for downstream orchestration, so that external content can materially influence subsequent actions.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 8, 2026, 03:41 AM