Critical-risk tools in Figma MCP Bridge
8 of the 88 tools in Figma MCP Bridge are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
figma_delete_modeDestructiveDelete a mode from a variable collection. Cannot delete the last mode.
-
figma_delete_nodesDestructiveDelete nodes.
-
figma_delete_pageDestructiveDelete a page from the Figma document. Cannot delete the last remaining page.
-
figma_delete_variable_collectionDestructiveDelete a variable collection and all its variables. Use with caution - this cannot be undone.
-
figma_delete_variablesDestructiveDelete one or more variables from the document. Use with caution - this cannot be undone.
-
figma_remove_reactionDestructivePrototype: remove a reaction from a node by its zero-based index in the reactions array. Use figma_get_reactions first to find the index.
-
figma_remove_table_columnDestructiveFigJam: remove the column at the given index.
-
figma_remove_table_rowDestructiveFigJam: remove the row at the given index.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.