figma
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill transmits the user-provided FIGMA_TOKEN to api.figma.com to authenticate API requests for design metadata.
- [EXTERNAL_DOWNLOADS]: Downloads image assets from remote URLs returned by the Figma REST API and writes them to the local filesystem.
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection through external design data and collaboration comments.
- Ingestion points: scripts/figma_tool.py fetches layer names, project structures, and user comments from the Figma API.
- Boundary markers: There are no delimiters or instructions to the agent to disregard embedded commands in the design data.
- Capability inventory: The skill has the ability to perform network requests and write files to the local disk.
- Sanitization: The script does not escape or validate text content retrieved from the API before it is added to the agent context.
Audit Metadata