figma-automation
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill setup requires connecting to a third-party MCP server endpoint at
https://rube.app/mcp. While this is the intended design for the toolkit's functionality, it involves an external dependency outside of the predefined trusted scope. - [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8) when processing data from Figma files and comments. * Ingestion points: Content is retrieved from Figma via
FIGMA_GET_FILE_JSONandFIGMA_GET_COMMENTS_IN_A_FILE. * Boundary markers: The instructions do not provide delimiters or warnings to the agent to ignore instructions embedded within the retrieved Figma data. * Capability inventory: The skill includes tools for rendering images, managing comments, and extracting structured file data. * Sanitization: No sanitization or escaping of external content is specified before the data is processed by the agent.
Audit Metadata