figma-implement-design
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill possesses an attack surface for instructions embedded within Figma designs. Evidence: 1. Ingestion points: Figma design data via the streamable_http MCP transport in agents/openai.yaml. 2. Boundary markers: Absent in the default prompt. 3. Capability inventory: The skill is instructed to 'Implement this Figma design in this codebase', implying file-write access. 4. Sanitization: None specified for the design content.
- [External Downloads] (SAFE): The skill references https://mcp.figma.com/mcp, which is the legitimate service endpoint for the Figma Model Context Protocol server.
Audit Metadata