figma-implement-motion
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues or malicious patterns were identified. The skill is designed for a legitimate developer task.
- [COMMAND_EXECUTION]: The skill uses
curlto fetch SVG asset data from the Figma MCP server (/api/mcp/asset/...) to facilitate path-level animation implementation. This is a functional requirement for high-fidelity code generation. - [EXTERNAL_DOWNLOADS]: Recommends well-known and trusted animation libraries, such as
motion/react,GSAP, andthree.js, when appropriate for the user's technology stack. - [SAFE]: The skill processes external design data through Figma tools, which represents a standard indirect prompt injection surface. Given the trusted author (Figma) and the specific code-generation scope, this is considered a normal operational risk.
- Ingestion points:
get_design_contextandget_motion_contextoutputs (file: SKILL.md) - Boundary markers: None explicitly defined in the instructions
- Capability inventory: Source code generation and repository file writing
- Sanitization: No specific sanitization or validation of the design tool output is mentioned
Audit Metadata