figma-implement-design
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to configure the local environment using the `codex` CLI, including adding the Figma MCP server, enabling the remote client feature in configuration files, and performing OAuth authentication via `codex mcp login figma`.
- [EXTERNAL_DOWNLOADS]: Fetches design metadata, structured context, and visual assets from the well-known and trusted domain `mcp.figma.com`. These downloads are essential for the skill's primary function of design translation.
- [PROMPT_INJECTION]: The skill presents a vulnerability surface for indirect prompt injection by ingesting and acting upon untrusted data from external Figma files.
  - Ingestion points: Design data and metadata are retrieved from Figma via the `get_design_context` and `get_metadata` tools as specified in `SKILL.md`.
  - Boundary markers: The instructions do not define clear boundaries or 'ignore' directives to prevent the agent from following instructions that might be embedded in Figma node properties or text layers.
  - Capability inventory: The agent possesses the capability to generate and write source code based on the ingested design data.
  - Sanitization: No specific sanitization, filtering, or validation of the data returned from the Figma API is mentioned in the workflow.
Audit Metadata