ux-writing
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill consists of markdown documentation and templates designed to assist in creating user-centered interface copy.
- [EXTERNAL_DOWNLOADS]: The documentation describes how to configure the Figma Model Context Protocol (MCP) server. The URLs provided (https://mcp.figma.com/mcp) belong to official Figma infrastructure, which is recognized as a well-known technology service.
- [PROMPT_INJECTION]: The skill's primary purpose involves auditing content from external sources (Figma files). While this exposes the agent to indirect prompt injection from text within those designs, this is an inherent risk of the intended functionality and is mitigated by the agent's own safety guardrails. Ingestion points: Figma frames accessed via links (docs/figma-integration.md). Boundary markers: Not explicitly defined in templates; relies on agent's default context handling. Capability inventory: No local scripts or subprocess execution; relies on external Figma MCP tools. Sanitization: None specified for external content.
Audit Metadata