figma-design-handoff
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface. It involves fetching and processing data from external Figma files via the Figma REST API that could potentially contain malicious instructions embedded in component properties or design token descriptions.
- Ingestion points: Figma REST API (api.figma.com) as described in rules/figma-variables-tokens.md and rules/figma-component-specs.md.
- Boundary markers: The provided instructions do not define specific delimiters or "ignore previous instructions" markers for the data fetched from Figma.
- Capability inventory: The skill uses WebFetch to ingest data and Read/Glob to access the local file system.
- Sanitization: There is no explicit mention of sanitizing or validating the text content retrieved from the Figma API before it is processed by the agent.
- [EXTERNAL_DOWNLOADS]: The skill performs network operations to fetch design data from Figma's official API (https://api.figma.com). This is a well-known and expected service for the skill's primary purpose.
- [COMMAND_EXECUTION]: The documentation describes using standard development tools such as curl, node, and npx for Style Dictionary, Playwright, and Applitools to automate the design-to-code pipeline.
Audit Metadata