figma-implement-motion
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were detected during the analysis. The skill is professionally authored and focuses exclusively on legitimate design-to-code workflows.
- [EXTERNAL_DOWNLOADS]: The skill recommends several established third-party animation libraries (such as motion.dev, GSAP, and react-spring) to handle specific visual effects. These are industry-standard tools and their use is consistent with best practices.
- [COMMAND_EXECUTION]: The skill includes instructions to use
curlfor the functional purpose of fetching and inlining SVG asset contents from internal platform URLs. This is a standard and secure practice for managing vector assets in this environment. - [PROMPT_INJECTION]: The skill processes external design data from Figma tools. While this constitutes a theoretical surface for indirect prompt injection, it is a necessary part of the design-to-code functionality and relies on trusted vendor tools within a secure context.
Audit Metadata