figma
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes
bash -candcurlto perform API requests. The use of string interpolation for the<file-key>placeholder within a shell command introduces a potential command injection vulnerability if the agent parses a malicious Figma URL containing shell metacharacters (e.g., single quotes or semicolons). - [PROMPT_INJECTION]: The skill processes untrusted external data from Figma, creating an indirect prompt injection surface.
- Ingestion points: Figma URLs and file content (including comments and component descriptions) retrieved from
api.figma.com(SKILL.md). - Boundary markers: No explicit boundary markers or instructions to ignore embedded instructions are used when displaying or processing the fetched content.
- Capability inventory: The skill has the capability to execute shell commands via
bashand make network requests viacurl(SKILL.md). - Sanitization: No sanitization or validation of the input data or the retrieved API content is performed before use in commands or prompts.
Audit Metadata