figma

Warn

Audited by Snyk on Feb 27, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md and its references (e.g., references/figma-mcp-config.md and references/figma-tools-and-prompts.md) require the agent to call the remote Figma MCP server to fetch get_design_context, get_screenshot, assets and metadata from user-created Figma files, which are third-party, untrusted content. Because the agent uses that data to drive code generation and implementation decisions, the ingested design content could carry an indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill config points to the runtime MCP server at https://mcp.figma.com/mcp, which the agent must call to fetch design context and generated React+Tailwind code. Because that fetched content directly shapes the agent's outputs and instructions, the server is a required runtime dependency whose responses cannot be verified in advance.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 27, 2026, 01:49 AM