figma-automation
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions direct users to connect to an external MCP server endpoint at
https://rube.app/mcp. This domain is managed by the skill's author and is required for the tool integration. - [PROMPT_INJECTION]: The skill processes external, untrusted content from Figma via tools like
FIGMA_GET_COMMENTS_IN_A_FILEandFIGMA_GET_FILE_JSON, which introduces a potential surface for indirect prompt injection. * Ingestion points: Figma comments, file JSON, and design tokens (referenced inSKILL.md). * Boundary markers: The skill does not define specific delimiters or instructions for the agent to ignore potentially malicious text within the design files. * Capability inventory: The skill's capabilities are limited to Figma API operations; no arbitrary command execution or file system access patterns were identified. * Sanitization: The skill does not specify any sanitization or validation logic for the data retrieved from Figma.
Audit Metadata