figma-ui-design
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No security issues detected.
- Data Exposure: The skill uses safe placeholders for sensitive information (e.g., 'YOUR_TOKEN', 'FILE_KEY') in its Figma API integration examples.
- Obfuscation: No evidence of encoded content, hidden characters, or deceptive naming conventions.
- Indirect Prompt Injection (LOW/SAFE): While the skill interacts with external design data (Figma API) and utilizes high-privilege tools (Bash), there is no evidence of malicious intent or exploitation pathways in the provided instructions. The capability surface is consistent with the stated purpose of UI automation.
  - Ingestion points: WebFetch (Figma API calls).
  - Boundary markers: Not explicitly defined in the instructions.
  - Capability inventory: Bash, Read, Write, Edit, WebFetch.
  - Sanitization: Not specified, though standard tool-calling safety filters are assumed at the agent level.
- Dependency Safety: No external software packages or remote script execution patterns were identified in the markdown configuration.