figma-code-connect
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is a standard development tool with no detected malicious intent or risky behavior. All external resources belong to the official vendor infrastructure.
- [EXTERNAL_DOWNLOADS]: The instructions reference the installation of official Figma npm packages such as @figma/code-connect.
- [COMMAND_EXECUTION]: Includes usage of official Figma CLI tools for publishing component mappings (e.g., npx figma connect publish).
- [PROMPT_INJECTION]: Provides a surface for indirect injection via Figma component metadata used in code generation.
  - Ingestion points: Component data from Figma API (SKILL.md)
  - Boundary markers: Usage of tagged template literals for interpolation
  - Capability inventory: Local file reading and writing
  - Sanitization: Relying on the vendor-provided template API
Audit Metadata