figma

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.70). The prompt includes a mandatory "Memory Protocol" that instructs the agent to read and write persistent files (.claude/context/memory/*.md) and to assume interruption semantics—behavior that is unrelated to Figma design-to-code tasks and effectively alters the agent's persistence and state handling, so it is a hidden/deceptive instruction outside the skill's stated purpose.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-provided Figma files via the Figma REST API (see "Get File", "Get File Nodes", "Get File Styles" endpoints) and MCP tools like get_design_context/get_figjam, and then parses those untrusted, user-generated design contents to extract tokens/components that directly drive code-generation and workflow decisions, enabling indirect prompt-injection risk.