figma-implement-design
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external data from Figma nodes via the
get_design_contextandget_metadatatools. This presents a surface for indirect prompt injection where malicious instructions could be embedded in Figma text layers or metadata. However, this is a low-risk surface as the skill's capabilities are limited to code generation and do not involve arbitrary command execution or external data exfiltration. - [SAFE]: The skill is authored by a trusted organization (OpenAI) and utilizes local communication with a Figma MCP server at http://127.0.0.1:3845/mcp. Instructions to modify local configuration files like
~/.config/kilo/kilo.jsonare standard for setting up the agent's environment and do not involve credential theft or sensitive data exposure. No obfuscation or malicious persistence mechanisms were detected.
Audit Metadata