figma-automation
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill directs users to add a remote MCP server endpoint (https://rube.app/mcp). This external service provides the tool definitions and execution logic. Because this domain is not on the predefined list of trusted organizations, it should be vetted before use.
- [DATA_EXFILTRATION] (LOW): The skill accesses sensitive Figma design data, component structures, and comments. While this is the intended functionality, it involves passing design secrets and project data through a third-party intermediary.
- [PROMPT_INJECTION] (LOW): High vulnerability to Indirect Prompt Injection. Evidence: 1. Ingestion points: Tools like 'FIGMA_GET_COMMENTS_IN_A_FILE' and 'FIGMA_GET_FILE_JSON' retrieve untrusted content from Figma. 2. Boundary markers: Absent; no instructions are provided to the agent to treat design content or comments as untrusted data. 3. Capability inventory: Tools allow for reading files, adding comments, and exporting data. 4. Sanitization: Absent; content retrieved from Figma is not sanitized or escaped before being processed by the LLM.
Audit Metadata