Bidirectional Design Token Sync
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
PROMPT_INJECTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data retrieved from the Figma API, such as variable names, values, and descriptions, which are then used to generate code and are displayed to the user.
- Ingestion points: External data enters the system through client.getFileVariables and client.getFileStyles calls within the scripts/sync-tokens.js file.
- Boundary markers: There are no explicit delimiters or specific instructions provided to the agent to treat data from Figma as potentially untrusted content.
- Capability inventory: The skill performs file system write operations (generating .css, .scss, .ts, and .json files) and initiates network requests to the Figma API.
- Sanitization: The implementation performs basic string transformations on variable names (e.g., lowercase conversion and whitespace replacement) but lacks comprehensive sanitization or validation for token values and descriptions.
- [CREDENTIALS_UNSAFE]: The skill handles a sensitive Figma Personal Access Token. While it follows the common practice of using environment variables (FIGMA_ACCESS_TOKEN), users must ensure these credentials are managed securely and not exposed in version control or logs.
- [EXTERNAL_DOWNLOADS]: The skill documentation describes the installation of well-known and reputable third-party packages, specifically @figma/rest-api-client and style-dictionary, which are standard tools for this use case.
- [COMMAND_EXECUTION]: The skill workflow relies on the execution of local scripts, including scripts/sync-tokens.js and scripts/detect-drift.py, typically triggered through defined npm scripts.
Audit Metadata