figma-use
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides documentation and JavaScript code snippets for interacting with the Figma Plugin API through the use_figma tool. The code is transparent and follows documented practices for the Figma environment, focusing on document manipulation and data retrieval.
- [SAFE]: The skill facilitates reading data from Figma files (such as node names and variable values) which could theoretically serve as a surface for indirect instructions. However, this interaction is the primary purpose of the tool, and the skill includes extensive instructions on validation (via get_metadata and get_screenshot) and incremental workflows to ensure safe and predictable outcomes.
  - Ingestion points: Data is read from the Figma document using methods like figma.currentPage.query, findAll, and get_metadata (referenced in SKILL.md and references/validation-and-recovery.md).
  - Boundary markers: The skill does not explicitly define boundary markers but emphasizes visual and structural validation by the agent.
  - Capability inventory: The use_figma tool provides capabilities to create, modify, or delete any node, style, or variable within the Figma document context (detailed in references/api-reference.md).
  - Sanitization: No specific sanitization of string data from the Figma document is implemented in the provided snippets, as the operations are constrained to the Figma API context.
Audit Metadata