figma-use
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute JavaScript code within the Figma environment using the use_figma MCP tool. This is the intended primary function of the skill, enabling the agent to programmatically create and modify Figma nodes, variables, and styles.
- [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface (Category 8) because it provides patterns for reading and processing data from Figma files (such as node names, descriptions, and component properties) which is then used to drive subsequent agent actions.
  - Ingestion points: The skill uses APIs like figma.root.children, figma.currentPage.findAll, and figma.getNodeByIdAsync to read existing file content into the agent's context (e.g., in references/component-patterns.md).
  - Boundary markers: The skill includes extensive validation rules and a 'Pre-Flight Checklist' to ensure the agent generates valid code, though it does not explicitly instruct the agent to use delimiters for untrusted file content.
  - Capability inventory: Across all referenced scripts, the agent is granted the ability to read, create, mutate, and delete nodes, variables, and styles within the Figma file via JavaScript execution.
  - Sanitization: No explicit sanitization or filtering of string data retrieved from Figma files is provided before that data is interpolated into subsequent code generation tasks.
Audit Metadata