figma-ui-mcp-bridge

Warn

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The installation process requires downloading a plugin.zip file from a personal GitHub repository (https://github.com/TranHoaiHung/figma-ui-mcp/raw/main/plugin.zip). This component is executed within Figma Desktop as a development plugin.
  • [REMOTE_CODE_EXECUTION]: The skill uses npx figma-ui-mcp to download and execute the MCP server at runtime. This allows for the execution of remote code from an unverified package on the npm registry.
  • [COMMAND_EXECUTION]: Installation instructions guide the user to execute shell commands (npx, claude mcp add) that download and run external code on the local machine.
  • [REMOTE_CODE_EXECUTION]: The figma_write tool allows the AI agent to execute JavaScript operations on the Figma canvas. While scoped to the Figma API, it represents a dynamic execution path controlled by the agent.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8). It ingests untrusted design data from Figma nodes and tokens (Ingestion Point: figma_read in SKILL.md). The skill lacks explicit boundary markers or sanitization logic to prevent the AI from interpreting text within Figma designs as instructions. The skill has capabilities to modify the Figma document (figma_write).
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 17, 2026, 08:18 PM