skills/firecrawl/skills/figma/Gen Agent Trust Hub

figma

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill connects to https://mcp.figma.com/mcp, the official endpoint for the Figma Model Context Protocol server. This is a well-known service and is documented neutrally as a trusted resource for this workflow.
  • [PROMPT_INJECTION]: The skill processes untrusted design data from external Figma URLs, which represents an indirect prompt injection surface.
      * Ingestion points: Figma node content and metadata fetched via the get_design_context tool (references/figma-tools-and-prompts.md).
      * Boundary markers: None identified in the prompt instructions to separate design content from operational instructions.
      * Capability inventory: The skill allows the agent to generate and implement React and Tailwind code within the project repository (SKILL.md).
      * Sanitization: No explicit validation or filtering of design-layer text is described.
  • [SAFE]: Instructions regarding the modification of shell profiles (~/.zshrc, ~/.bashrc) for environment variable persistence are provided for user guidance and do not involve automated script execution by the skill.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 08:24 PM