figma
Warn
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PERSISTENCE_MECHANISMS]: The reference documentation in `references/figma-mcp-config.md` suggests persisting the `FIGMA_OAUTH_TOKEN` by adding export commands to shell profiles like `~/.bashrc` or `~/.zshrc`. This results in the modification of system-level configuration files to maintain environment variables across sessions.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests design information from external Figma nodes, which presents a surface for indirect prompt injection.
  - Ingestion points: Data is retrieved from Figma URLs via the `get_design_context` and `get_metadata` tools.
  - Boundary markers: The skill does not define delimiters or instructions to treat the external design data as untrusted content.
  - Capability inventory: The agent can generate application code and create design system rule files locally.
  - Sanitization: No sanitization or verification steps are mentioned for the content fetched from the Figma API.
Audit Metadata