figma-use
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a legitimate technical guide and reference for interacting with the Figma Plugin API. A thorough audit of the SKILL.md and all reference files confirms that the instructions are aligned with the intended purpose of automating Figma design tasks.
- [SAFE]: No malicious obfuscation, credential harvesting, or unauthorized network operations were detected. While the skill includes a helper function that utilizes double Base64 encoding (
btoa(btoa(...))), this is used purely for generating unique keys from object data to handle deduplication in metadata extraction, which is a standard programming practice in this context. - [SAFE]: The skill correctly identifies and warns against common pitfalls in the Figma API environment, such as the lack of support for certain synchronous setters and the
figma.notify()method, reinforcing its role as a helpful developer tool.
Audit Metadata