figma-code-connect
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the use of the @figma/code-connect CLI tool for publishing and managing design-to-code mappings.
- [EXTERNAL_DOWNLOADS]: The skill references the @figma/code-connect package, which is a standard library from the vendor available on the NPM registry.
- [DATA_EXFILTRATION]: The skill identifies and reads local project source code to extract component property interfaces for template generation. This data remains local and is used solely for the configuration of Figma Code Connect.
- [PROMPT_INJECTION]: The skill ingests component metadata from the Figma API, creating a surface for indirect prompt injection.
  - Ingestion points: Figma component property data retrieved via the get_context_for_code_connect MCP tool.
  - Boundary markers: No specific delimiters or safety instructions are defined for the design data being processed.
  - Capability inventory: The skill utilizes file system read and write operations to search for code and generate template files.
  - Sanitization: The instructions do not describe sanitization or validation logic for the external design data before its inclusion in generated code.
Audit Metadata