figma-developer

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns, obfuscation, or unauthorized access attempts were detected. The skill acts as a documentation resource for developer-driven automation.
  • [COMMAND_EXECUTION]: The skill includes code snippets for file system operations (writing components and assets) and network interactions with Figma endpoints. These operations are directly aligned with the stated purpose of extracting and generating design assets.
  • [PROMPT_INJECTION]: The skill processes external data from Figma nodes to generate code, which constitutes an indirect prompt injection surface. However, the risk is mitigated as these are reference scripts intended for use in developer-controlled environments, and the skill provides utility functions for name normalization.
    • Ingestion points: Node names and style properties fetched via the Figma API.
    • Boundary markers: None explicitly used in the generated code templates.
    • Capability inventory: Includes filesystem writes (fs.writeFile) and network requests (fetch).
    • Sanitization: Implements functions such as normalizeFileName and toPascalCase to process input strings.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 03:13 AM