figma

Fail

Audited by Snyk on Mar 9, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.95). These are direct links to shell scripts on an unrecognized third-party domain and the skill instructs curl | bash and storing credentials — a common and high-risk pattern for distributing malware or credential theft.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to navigate to figma.com via Playwright and to open design files and "display all comments" and review version history, meaning it fetches and reads user-generated content from a third-party website (figma.com) that can influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill instructs running remote install scripts that are fetched and executed (curl -sSL https://canifi.com/skills/figma/install.sh | bash and the related https://canifi.com/install.sh used to install canifi-env), which means remote code is executed as a required setup dependency and could directly affect the agent environment.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 9, 2026, 06:35 PM