Skills
skills/phuetz/code-buddy/figma/Gen Agent Trust Hub

figma

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Downloads the Figma Model Context Protocol (MCP) server from the @modelcontextprotocol registry using npx.
  • [COMMAND_EXECUTION]: Utilizes curl and jq to interact with the Figma REST API and process JSON responses for file management and asset export.
  • [DATA_EXFILTRATION]: Includes scripts that send design version updates to external endpoints (Slack and CI/CD webhooks). This is documented as a notification workflow.
  • [PROMPT_INJECTION]: Identifies an indirect prompt injection surface (Category 8) where external data from Figma files is used to influence agent output (e.g., generating React components).
  • Ingestion points: Figma API document structure and metadata processed in extractDesignTokens, syncTokens, and generateReactComponent.
  • Boundary markers: Absent; there are no specific markers or instructions to treat Figma-sourced data as untrusted.
  • Capability inventory: Includes file system writes (fs.writeFileSync), network operations (axios, curl), and tool execution via MCP.
  • Sanitization: None; the skill directly interpolates Figma node properties (like names and colors) into generated code strings.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 01:08 AM