cc-figma-tokens
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill manages sensitive configuration by reading from a local .component-contracts file. It explicitly instructs the agent to never output the FIGMA_ACCESS_TOKEN in any response, preventing accidental credential exposure.
- [SAFE]: Implements a mandatory 'Phase 0 — Inspect' step. This ensures the agent performs a read-only assessment of the project state and presents a summary for user approval before proceeding with any variable creation or updates.
- [COMMAND_EXECUTION]: Orchestrates the use_figma tool to interact with the Figma Plugin API. The logic is strictly scoped to creating and updating variable collections based on provided token files, following standard design system management patterns.
Audit Metadata