figma-node-fetcher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's scripts (scripts/figma_fetch.cjs) fetch arbitrary user-provided Figma URLs from the Figma REST API (https://api.figma.com) to download node JSON and images, and SKILL.md / examples/integration.md explicitly instruct other skills to consume those fetched artifacts, meaning untrusted, user-generated Figma content could materially influence downstream tool use and decisions.