figma-automation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to retrieve and process data from external Figma files and comments.
- Ingestion points: Untrusted data enters the agent's context through tools like FIGMA_GET_FILE_JSON, FIGMA_GET_COMMENTS_IN_A_FILE, and FIGMA_GET_FILE_NODES.
- Boundary markers: The documentation does not define or use specific boundary markers or delimiters to isolate data retrieved from Figma from the agent's core instructions.
- Capability inventory: The skill allows the agent to perform actions such as FIGMA_ADD_A_COMMENT_TO_A_FILE and FIGMA_RENDER_IMAGES_OF_FILE_NODES based on the processed data.
- Sanitization: There is no evidence of sanitization, escaping, or validation of the content retrieved from Figma before it is processed by the AI agent.
- [NO_CODE]: The skill does not contain any Python scripts, Node.js code, or binary executables. It consists entirely of markdown instructions and metadata.
Audit Metadata