cursor-talk-to-figma-mcp

Fail

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's setup instructions tell the user to download and execute the official Bun runtime installer from 'https://bun.sh/install'.
  • [EXTERNAL_DOWNLOADS]: The MCP configuration installs the 'cursor-talk-to-figma-mcp' package from the npm registry.
  • [REMOTE_CODE_EXECUTION]: Users are instructed to pipe the Bun installation script directly into bash, or to run it through PowerShell's 'iex' on Windows/WSL setups, so the script executes without being inspected first.
  • [COMMAND_EXECUTION]: The skill provides local commands for server setup and execution, specifically 'bun setup' and 'bun socket'.
  • [PROMPT_INJECTION]: The skill ingests untrusted text and metadata from Figma designs, which creates a surface for indirect prompt injection.
  • Ingestion points: the tools documented in 'SKILL.md' ('get_document_info', 'scan_text_nodes', 'get_annotations', and similar) return content from external Figma files.
  • Boundary markers: the skill documentation provides no explicit boundary markers around retrieved Figma content and no instruction to treat that content as data rather than as commands.
  • Capability inventory: per 'SKILL.md', the skill can read and modify Figma document structure, create and delete nodes, and update text content, so an injected instruction could lead to destructive edits of the design.
  • Sanitization: the provided instructions describe no sanitization or validation of the retrieved Figma data.
Recommendations
  • HIGH: Downloads and executes remote code from https://bun.sh/install. DO NOT USE without thorough review; at minimum, download the installer to a file and read it before running it, rather than piping it into a shell.
Audit Metadata
Risk Level: HIGH
Analyzed: May 17, 2026, 07:51 AM