figma
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or security vulnerabilities were detected in the skill documentation.
- [COMMAND_EXECUTION]: The skill documentation references several internal Python scripts (figma_client.py, export_manager.py, style_auditor.py, accessibility_checker.py) for processing Figma data. These are used for legitimate functionality such as API interaction and report generation.
- [CREDENTIALS_UNSAFE]: The skill provides instructions for managing a Figma access token using environment variables or a .env file. While .env is a sensitive file path, the usage here is for standard local configuration and does not involve hardcoded secrets or unauthorized credential access.
- [DATA_EXPOSURE]: The skill retrieves design data from Figma and saves exported assets and reports locally. This behavior is restricted to the skill's stated purpose of design analysis and asset management.
- [PROMPT_INJECTION]: No evidence of prompt injection or instructions to bypass safety guidelines was found in the skill metadata or body.
Audit Metadata