x-talk-to-figma-mcp
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill documentation guides the user to execute local scripts using
bunfor both the MCP server and the WebSocket relay. These commands are standard for local development environments and are intended for the user's own local file paths. - [DATA_EXFILTRATION] (SAFE): The communication channel is explicitly defined as
localhost:3055. There are no indications of data being sent to external or untrusted domains. - [REMOTE_CODE_EXECUTION] (SAFE): The skill does not perform any remote downloads or execute code from external sources. It relies entirely on pre-existing local files in a specified directory structure.
Audit Metadata