using-figma
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill implements a robust least-privilege model by using the
allowed-toolsfrontmatter to restrict the agent's environment to read-only Figma tools, explicitly excluding mutation capabilities.- [PROMPT_INJECTION]: The skill processes untrusted external data in the form of design metadata, layer names, and strings fetched from Figma, creating an indirect prompt injection surface. - Ingestion points: Data is ingested via the
mcp__figma__get_design_context,mcp__figma__get_metadata, andmcp__figma__get_variable_defstools inSKILL.md. - Boundary markers: No explicit delimiters or 'ignore instructions' markers are defined for the design context when it is interpolated into the prompt.
- Capability inventory: The skill's capabilities are strictly limited to the referenced read-only tools and it does not possess file-write, network exfiltration, or arbitrary execution permissions.
- Sanitization: The instructions do not specify any sanitization, escaping, or filtering for content retrieved from Figma layers or text nodes.
Audit Metadata