figma-node-fetcher

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The scripts/figma_fetch.py script makes requests to api.figma.com to retrieve node metadata and images. These requests are authorized using an API token provided by the user. This is a standard integration with a well-known service.
  • [COMMAND_EXECUTION]: The skill includes Python scripts for initialization and data fetching. These scripts read local configuration files and write design data to the output directory specified by the user.
  • [CREDENTIALS_UNSAFE]: The skill manages FIGMA_ACCESS_TOKEN by checking environment variables and local .env files. It implements a mask_token function to ensure that only a partial preview of the token is shown in status reports, protecting the secret from exposure in logs.
  • [PROMPT_INJECTION]: The skill processes data from external Figma files which could theoretically contain malicious instructions. However, the skill acts only as a data fetcher and does not execute the content of the design files. Sanitization is applied to node names used in the filesystem.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 8, 2026, 03:41 AM