figma-use-figjam

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill contains no instructions designed to bypass agent safety filters or override system behaviors. All directives are focused on the intended task of FigJam board creation and manipulation.
  • [CREDENTIALS_UNSAFE]: No hardcoded API keys, passwords, or other sensitive credentials were found in any of the files.
  • [DATA_EXFILTRATION]: No code patterns or network calls (e.g., fetch, curl, or WebSocket operations) were identified that could be used to transmit data to unauthorized external servers. All operations occur via the legitimate Figma Plugin API.
  • [EXTERNAL_DOWNLOADS]: The skill does not define any external dependencies or download remote scripts. It uses built-in Figma functionality.
  • [COMMAND_EXECUTION]: There is no use of shell commands or system-level execution patterns. The skill strictly uses the figma.currentPage and figma.* API namespace.
  • [REMOTE_CODE_EXECUTION]: No dynamic code evaluation (eval/exec) or remote script loading was found in the provided documentation or code snippets.
  • [SAFE]: The skill is a standard set of developer resources for the Figma MCP tool, following security best practices.
Audit Metadata
Risk Level: SAFE
Analyzed: May 14, 2026, 12:55 AM