figma-a11y-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill directly fetches and parses user-generated Figma comments via figma_get_comments (see Step 2/Step 3 in SKILL.md) and uses those comment texts and metadata to drive parsing, screenshot capture, filenames, and Excel-generation actions, so untrusted third-party content can materially influence the agent's behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill requires fetching and running the external MCP server via "npx figma-console-mcp@latest" at runtime (the .vscode/mcp.json and setup instructions call npx), which executes remote code and is a required dependency for the skill.