Skills
skills/figma/mcp-server-guide/figma-implement-design/Gen Agent Trust Hub

figma-implement-design

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill interacts exclusively with Figma, a well-known service, and uses a local MCP server for asset retrieval. These operations are within the expected scope of the tool's functionality.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data from an external source (Figma) to generate executable code.
  • Ingestion points: External data enters the context through get_design_context and get_metadata tool calls in SKILL.md.
  • Boundary markers: The instructions lack explicit boundary markers or warnings to ignore embedded instructions within the fetched Figma metadata or design context.
  • Capability inventory: The agent has the capability to write files to the user's repository (creating or updating components as described in Step 5 and Step 6).
  • Sanitization: There is no mention of sanitizing or validating the content returned by the Figma API before it is used to generate code.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 8, 2026, 05:24 PM