figma-implement-design
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill connects to the official Figma MCP server at
https://mcp.figma.com/mcpto retrieve design context and assets. Figma is a well-known service, and the use of its official API endpoint is considered safe and appropriate for the skill's functionality. - [COMMAND_EXECUTION]: The documentation guides the user to perform environment setup using
codexCLI commands, such as adding the MCP server and performing OAuth authentication. These are standard administrative actions required for tool integration and are performed manually by the user. - [PROMPT_INJECTION]: The skill processes data from Figma layers, which serves as a potential surface for indirect prompt injection if a design file contains malicious text intended to influence agent behavior.
- Ingestion points: External data is ingested through the
get_design_contextandget_metadatatools as defined inSKILL.md. - Boundary markers: There are no specific instructions or delimiters mentioned to isolate Figma text content from the agent's instructions during the code generation process.
- Capability inventory: The agent is authorized to generate and modify production-ready code files within the project directory based on the design input.
- Sanitization: The skill does not implement specific validation or sanitization routines for the content extracted from the Figma API.
Audit Metadata