Skills
skills/aradotso/design-skills/figma-context-mcp-cached/Gen Agent Trust Hub

figma-context-mcp-cached

Warn

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill configuration instructs the user/agent to download and run the @pactortester/figma-mcp-cached package from the NPM registry using npx.
  • [REMOTE_CODE_EXECUTION]: The skill executes remote code from an unverifiable package (@pactortester/figma-mcp-cached) at runtime when the MCP server is initialized.
  • [COMMAND_EXECUTION]: The download_figma_images tool provides a mechanism to write data to the local file system. It includes a localPath argument that supports absolute paths, potentially allowing file writes outside of intended directories.
  • [PROMPT_INJECTION]: Indirect prompt injection surface exists in the Figma design data processing. The skill fetches design specifications (node names, component properties, styles) from external Figma URLs and encourages agents to use this data for code generation. A malicious design file could contain embedded instructions to influence the agent's output.
  • Ingestion points: Figma API responses processed in SKILL.md (e.g., get_figma_data output).
  • Boundary markers: None identified; design data is interpolated into logic for CSS/Tailwind generation.
  • Capability inventory: File writing via download_figma_images in SKILL.md.
  • Sanitization: No evidence of sanitization for Figma design tokens before processing.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 18, 2026, 01:42 AM