figma-mcp-go-design-automation

Warn

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: MEDIUM
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the agent to run an unverified NPM package (@vkhanhqui/figma-mcp-go) with npx, which downloads and executes code from an untrusted third-party source at runtime.
  • [EXTERNAL_DOWNLOADS]: Installation instructions require downloading a binary plugin.zip file from a third-party GitHub repository (github.com/vkhanhqui/figma-mcp-go). This bypasses official trusted package channels and involves running unverified software.
  • [COMMAND_EXECUTION]: Several tools such as save_screenshots and export_tokens allow the agent to write files to arbitrary local filesystem paths via an outputPath argument. This capability could be exploited to overwrite configuration files or sensitive data if the agent is misdirected.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to process external data from Figma files:
      • Ingestion points: The skill reads text content and layer hierarchies from Figma documents using tools like get_document, scan_text_nodes, and get_selection as described in SKILL.md.
      • Boundary markers: Absent. The instructions provide no delimiters or warnings that would let the agent distinguish Figma data from instructions.
      • Capability inventory: The skill has access to file writing tools (save_screenshots, export_tokens) and can modify Figma designs.
      • Sanitization: Absent. There is no evidence of sanitization or validation of the data retrieved from the Figma bridge before it enters the agent's context.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 17, 2026, 05:18 AM