figma-api

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE (NO_CODE)
Full Analysis
  • [No Code] (SAFE): The skill package is composed entirely of markdown files and schema definitions. No Python scripts, JavaScript files, shell scripts, or binary executables were found.
  • [Indirect Prompt Injection] (SAFE): The skill provides tools for reading user-generated content from Figma (e.g., comments and file metadata), which represents a theoretical attack surface for indirect prompt injection. However, as a static specification, the skill does not include any processing logic or instructions that would cause the agent to execute untrusted data.
    1. Ingestion points: references/operations/getComments.md, references/operations/getFile.md.
    2. Boundary markers: Absent (expected for an API specification).
    3. Capability inventory: standard Figma REST API operations (Read/Write/Delete).
    4. Sanitization: Not applicable for a static documentation package.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:35 PM