figma-generate-design

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE
Full Analysis
  • [DYNAMIC_EXECUTION]: The skill generates and executes JavaScript code snippets at runtime to interact with the Figma Plugin API. This behavior is fundamental to the skill's purpose of automating design creation and is used within the controlled environment of the Figma toolchain.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes data from potentially external sources.
      • Ingestion points: Metadata and structure from existing Figma files (node names, properties, variable keys) and user-provided source code or descriptions.
      • Boundary markers: No explicit delimiters are specified for handling data retrieved from Figma components or styles.
      • Capability inventory: The skill uses the use_figma tool to execute generated code against the Figma API.
      • Sanitization: No specific sanitization steps are documented for the data ingested from design systems before it is used to generate layout code.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 24, 2026, 10:26 AM