implementing-figma
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a guide for interacting with the official Figma Model Context Protocol (MCP) and does not contain executable code or scripts.
- [EXTERNAL_DOWNLOADS]: The instructions reference official Figma endpoints (mcp.figma.com) and local MCP server addresses (127.0.0.1:3845) for fetching design context, assets, and metadata. These are well-known and expected services for this integration.
- [COMMAND_EXECUTION]: The workflow mentions standard development tasks such as running code formatters (e.g., Prettier, Biome), which is a benign and routine operation in code generation.
- [DATA_EXFILTRATION]: No evidence of unauthorized data transmission was found. Data retrieval is limited to authorized Figma design files and metadata required for the stated purpose.
- [PROMPT_INJECTION]: The instructions do not contain patterns aimed at overriding AI behavior or bypassing safety guidelines. The skill includes safety-conscious practices such as requiring user confirmation before applying significant changes to the project.