figma-code-connect-components

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill calls get_code_connect_suggestions to fetch component info (names, properties, thumbnails) from a user-provided Figma URL/scenegraph (e.g., https://figma.com/design/:fileKey/:fileName?node-id=...), meaning it ingests arbitrary user-generated third‑party Figma content and uses that data to drive searches and mapping decisions.