figma-design
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses chrome-devtools_evaluate_script to execute dynamically generated JavaScript code within the Figma web environment. While this is the primary mechanism for interacting with the Figma Plugin API, it grants the agent significant control over the user's active session.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it extracts and processes information from external Figma design files. These files could contain malicious instructions that attempt to hijack the agent's logic. * Ingestion points: Figma design file content accessed via chrome-devtools_evaluate_script. * Boundary markers: None present in the instructions to distinguish between design data and system commands. * Capability inventory: Includes full browser automation tools such as script evaluation, page navigation, and form filling. * Sanitization: No evidence of input validation or content sanitization before the data is used in decision-making processes.
Audit Metadata