figma-automation
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to ingest and process data from external Figma files, including JSON structures and user comments. This represents an attack surface where maliciously crafted content within a Figma file could attempt to influence the agent's behavior.
- Ingestion points: Figma URLs, file JSON data, and file comments (referenced in SKILL.md).
- Boundary markers: None explicitly defined to separate external data from instructions.
- Capability inventory: Subprocess-like tool calls via MCP including file reading, comment creation, and connection management.
- Sanitization: No sanitization or validation of the retrieved Figma content is mentioned.
- [EXTERNAL_DOWNLOADS]: The skill requires the configuration of a remote MCP server at
https://rube.app/mcp. This endpoint serves as the provider for the Figma automation tools. The URL belongs to the infrastructure associated with the skill's functionality.
Audit Metadata