figma-generate-library
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill generates and executes JavaScript code within the Figma Plugin environment via the use_figma tool. This is the core functionality intended for design system automation.
- [SAFE]: The skill reads local codebase configuration files (CSS, JSON, etc.) to extract design tokens. This is a legitimate data access pattern for its stated purpose.
- [SAFE]: Workflow state is persisted in a temporary local JSON file at /tmp/dsb-state-{RUN_ID}.json to facilitate recovery and idempotency in long-running tasks.
- [SAFE]: The skill processes external codebase data, which presents an indirect prompt injection surface. However, the risk is addressed through structured parsing patterns and the requirement for explicit human approval at key workflow checkpoints.
Audit Metadata