figma-extract-tokens
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is susceptible to indirect prompt injection because it ingests untrusted data from Figma files and uses it to generate code files for development environments.
  1. Ingestion points: Figma variables, variable collections, and metadata accessed via the Figma MCP server.
  2. Boundary markers: Absent; there are no instructions to ignore embedded commands within Figma data.
  3. Capability inventory: The agent is instructed to generate CSS, TypeScript, and JSON files, creating a significant attack surface if malicious code is injected into Figma variable names or values.
  4. Sanitization: Absent; the skill does not specify any validation or escaping of extracted content.
- Data Exposure (LOW): The skill accesses Figma design files which may contain sensitive or proprietary design information. While inherent to the task, this is a data access risk.
Recommendations
- AI detected serious security threats
Audit Metadata