figma-mcp-go

Warn

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the '@vkhanhqui/figma-mcp-go' package from NPM and the download of a Figma plugin ZIP from a GitHub repository ('github.com/vkhanhqui/figma-mcp-go'). These sources are not recognized as trusted vendors or official project repositories.
  • [COMMAND_EXECUTION]: Tools like 'save_screenshots' and 'export_frames_to_pdf' accept user-defined file paths ('outputDir' and 'outputPath'), enabling the agent to write files to arbitrary locations on the local file system.
  • [DATA_EXFILTRATION]: The skill can extract comprehensive design data, including screenshots and design tokens, from Figma files. While this is the intended functionality, it provides a surface for sensitive design information to be exported to external storage or locations specified by the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 16, 2026, 09:20 PM