figma-extract
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The section 'IMPORTANT Task Planning Notes' contains instructions designed to override the agent's default operational behavior ('Always plan...', 'Always add a final review...'). While intended for process consistency, this represents a behavioral constraint injected into the prompt context.
- INDIRECT_PROMPT_INJECTION (LOW): The skill processes untrusted external data from Figma URLs via MCP tools. Malicious actors could embed instructions within Figma text layers, component names, or metadata which the agent might follow during extraction or transformation.
- Ingestion points: Output from mcp__figma__* tools containing design data.
- Boundary markers: Absent; the workflow does not specify delimiters to isolate external content from instructions.
- Capability inventory: File system write access to team-artifacts/designs/ and broad Figma MCP access.
- Sanitization: Absent; no logic is provided to escape or validate the content of extracted design tokens before processing.
Audit Metadata