figma-extractor
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection: instructions embedded in a Figma file by whoever controls that file are read into the agent's context as ordinary data.
  - Ingestion points: component descriptions, variable names, and page metadata fetched from external Figma URLs (SKILL.md Step 2, Step 3).
  - Boundary markers: None. Content from Figma is not enclosed in delimiters that mark it as untrusted data, so the agent has no structural cue separating that content from its own instructions.
  - Capability inventory: The skill has access to the Write and Bash tools, so instructions smuggled in through a Figma file could result in files being written or commands being run.
  - Sanitization: None. Data returned by the Figma API is neither sanitized nor validated before processing.
- [COMMAND_EXECUTION]: The skill relies on dynamic execution to perform deep data extraction.
  - Evidence: The Level 2 and Level 3 extraction workflows require the agent to read local JavaScript files from the scripts/ directory and execute them via the use_figma tool (SKILL.md Sections 3.4-3.6).
Audit Metadata