figma-connect

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the @figma/code-connect CLI for operations such as publishing component mappings, parsing project configurations, and generating boilerplate files. These commands are fundamental to the skill's purpose and are executed within the user's project environment.
  • [EXTERNAL_DOWNLOADS]: Downloads design assets, screenshots, and metadata from Figma's authenticated API endpoints and installs the official Code Connect package from the public npm registry.
  • [SAFE]: Authentication is handled through secure methods, including Figma's OAuth flow for the MCP server and environment variables for the CLI, adhering to standard practices for secret management.
  • [SAFE]: The skill implements logic to accurately parse Figma URLs and detect various project frameworks (React, Vue, Svelte, etc.) to ensure that generated code matches the existing project's tech stack and conventions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 03:25 PM
Security Audit — agent-trust-hub — figma-connect