figma
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTIONNO_CODE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill connects to an external MCP server at https://mcp.figma.com/mcp, which is the official endpoint for Figma's services.
- [DATA_EXFILTRATION]: Authentication is managed via a Figma OAuth token stored in an environment variable. The whoami tool allows the agent to retrieve user-specific data from the Figma API.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes external content from Figma files. * Ingestion points: Data is retrieved from Figma via the get_design_context and get_metadata tools. * Boundary markers: No explicit boundary markers or safety instructions are provided to isolate fetched design text. * Capability inventory: The agent uses fetched data to perform code generation and asset management. * Sanitization: There is no requirement for the agent to sanitize or validate the design content before processing.
- [NO_CODE]: The skill package does not include any executable scripts, binaries, or active code, consisting entirely of Markdown documentation and configuration parameters.
Audit Metadata