figma-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill relies on an external MCP server hosted at https://rube.app/mcp. This domain is not recognized as a trusted external source according to the security guidelines.
- [DATA_EXFILTRATION] (LOW): User design data and file comments are transmitted to and processed by the Rube MCP service, which is a third-party platform.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection due to its ability to ingest untrusted data.
  - Ingestion points: Figma file JSON and comments retrieved via FIGMA_GET_FILE_JSON and FIGMA_GET_COMMENTS_IN_A_FILE (SKILL.md).
  - Boundary markers: None identified in the skill instructions to delimit untrusted data from system instructions.
  - Capability inventory: The skill can manage connections, read file metadata, and modify comments in Figma (SKILL.md).
  - Sanitization: No evidence of content sanitization or validation of the ingested Figma data is provided.
Audit Metadata