figma-skill
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill focuses on legitimate integration with the Figma API via MCP tools. No malicious patterns, obfuscation, or unauthorized data access were detected.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) as it processes untrusted data from external Figma files.
- Ingestion points: Design context and metadata are fetched from Figma URLs in
SKILL.mdandreferences/figma-skill.md. - Capability inventory: The skill can modify Figma canvases (
use_figma), create files (create_new_file), and update code mappings (send_code_connect_mappings). - Boundary markers: The skill lack specific boundary markers for Figma content but includes a procedural guardrail in
SKILL.mdrequiring user confirmation for high-risk destructive edits. - Sanitization: No explicit sanitization or instruction filtering is implemented for the data retrieved from Figma.
Audit Metadata