figma-to-code
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill uses established Figma MCP tools (mcp__figma__get_metadata, mcp__figma__get_design_context, mcp__figma__get_screenshot) to ingest design data, which is its primary purpose.
- [SAFE]: Font loading is handled through Google Fonts CDN, a well-known service. No untrusted external dependencies or remote scripts are executed.
- [SAFE]: The instructions for caching data in a .figma-mcp/ directory follow standard development practices for performance and reproducibility.
- [PROMPT_INJECTION]: The skill processes external data (Figma design content) which constitutes a surface for indirect prompt injection; however, this risk is inherent to the skill's primary function and no malicious patterns were identified.
- Ingestion points: Figma design data fetched from tools documented in reference/extended.md.
- Boundary markers: Absent.
- Capability inventory: Generation of front-end source code (React/Next.js).
- Sanitization: Content is processed according to layout rules rather than being sanitized against prompt injection.
Audit Metadata