figma
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill fetches and ingests arbitrary Figma files via the Figma REST API (see scripts/figma_client.py: get_file/get_file_nodes and callers like scripts/accessibility_checker.py and scripts/export_manager.py), meaning the agent will read and analyze user-generated third‑party content from Figma URLs/file keys.
Audit Metadata