Skills
skills/aradotso/design-skills/figma-mcp-integration/Gen Agent Trust Hub

figma-mcp-integration

Fail

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the Bun runtime installer from its official domain (bun.sh).
  • [REMOTE_CODE_EXECUTION]: Clones a repository from GitHub (github.com/grab/cursor-talk-to-figma-mcp) and executes its setup script, and also runs a remote package via bunx.
  • [COMMAND_EXECUTION]: Requires execution of several shell commands for environment preparation and running a local WebSocket server, including modifying network listeners to allow broader access (0.0.0.0).
  • [PROMPT_INJECTION]: Vulnerable to indirect prompt injection due to the ingestion of design data from Figma.
  • Ingestion points: Data extracted via get_document_info, get_selection, read_my_design, and scan_text_nodes in SKILL.md.
  • Boundary markers: None present; external content is used without delimiters or instructions to ignore embedded commands.
  • Capability inventory: Capability to run subprocesses via Bun, host a network server, and perform destructive actions like delete_node or broad updates in Figma.
  • Sanitization: No mention of validation or sanitization for text content retrieved from the design tool.
Recommendations
  • HIGH: Downloads and executes remote code from: https://bun.sh/install - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
May 18, 2026, 07:52 AM