figma-reader

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to create a persistence directory for design assets (mkdir -p $ARGUMENTS[1]). This is a standard utility function for organizing skill output.
  • [EXTERNAL_DOWNLOADS]: The skill references official Figma documentation to assist users with MCP server setup. This resource belongs to a well-known service and is used for configuration guidance rather than automated script execution.
  • [PROMPT_INJECTION]: The skill ingests design data from external Figma links, which constitutes a surface for indirect prompt injection. To mitigate risk, the skill structures the ingested content into a predefined markdown format, ensuring design data is treated as information rather than instructions.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 13, 2026, 03:24 AM