figma-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to call FIGMA_DISCOVER_FIGMA_RESOURCES and FIGMA_GET_FILE_JSON/FIGMA_GET_FILE_NODES and FIGMA_GET_COMMENTS_IN_A_FILE to fetch Figma files, nodes, images and user comments (user-generated, third‑party content) and then use that content to decide follow-up actions (node selection, rendering, token extraction), which clearly exposes the agent to untrusted third-party content that can influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires connecting at runtime to the MCP server https://rube.app/mcp (via RUBE_SEARCH_TOOLS / RUBE_MANAGE_CONNECTIONS) to fetch tool schemas and auth flows that directly determine agent prompts and actions, so this external URL can control the agent's instructions.