figma-generate-library
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a robust orchestration layer for design system management, following a rigid phase-based workflow (Discovery, Foundations, File Structure, Components, Integration) with mandatory user checkpoints between phases to ensure human oversight.
- [SAFE]: All helper scripts in the scripts/ directory utilize the Figma Plugin API for legitimate tasks like creating variables, binding tokens, and managing layout. The code is transparent and contains no malicious logic or attempts to bypass security controls.
- [SAFE]: State management is handled via a state ledger persisted in a local temporary directory (/tmp), facilitating resumability in long-running workflows without involving external network persistence.
- [SAFE]: The skill relies on platform-standard tools for all Figma interactions, maintaining operation within the intended execution scope.
- [SAFE]: Analysis of all reference documentation and instructional content confirms consistency with professional design system best practices. No indicators of prompt injection, data exfiltration, or obfuscation were found.