figma
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Full Analysis
- Environment Configuration: The skill includes instructions for setting the `FIGMA_OAUTH_TOKEN` environment variable in shell profiles such as `~/.zshrc` or `~/.bashrc`. This is a standard procedure for persisting credentials required by development tools and does not represent an automated persistence mechanism.
- External Service Integration: The configuration points to `https://mcp.figma.com/mcp`, which is an established endpoint for Figma's Model Context Protocol (MCP) server. This integration is essential for the skill's purpose of fetching design context and assets.
- Data Ingestion Surface: The skill processes data from Figma, including node metadata and design structures. While this involves the ingestion of external content, the skill provides structured workflows (e.g., `get_design_context` followed by `get_screenshot`) to ensure the agent interprets this information correctly for UI development.
- Authentication and Identity: The inclusion of a `whoami` tool allows the agent to verify the authenticated Figma user's identity, which is a common feature for maintaining transparency in authenticated tool environments.
Audit Metadata