figma-automation
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it retrieves and processes data from external Figma files that could contain malicious instructions.
- Ingestion points: Untrusted data enters the agent context via FIGMA_GET_FILE_JSON, FIGMA_GET_FILE_NODES, and FIGMA_GET_COMMENTS_IN_A_FILE as defined in SKILL.md.
- Boundary markers: The skill documentation does not provide delimiters or instructions to ignore embedded commands within the fetched design data.
- Capability inventory: The skill has capabilities that could be exploited if an injection occurs, including writing comments to Figma files via FIGMA_ADD_A_COMMENT_TO_A_FILE and exporting node data.
- Sanitization: There is no evidence of input validation or content filtering for the data retrieved from the Figma API before it is processed by the agent.
- [EXTERNAL_DOWNLOADS]: The skill requires the user to connect to an external MCP server at https://rube.app/mcp. This resource is part of the vendor's intended infrastructure for providing the tool's functionality.
Audit Metadata