pp-figma
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the `figma-pp-cli` tool using `npx` from the `@mvanhorn/printing-press` package and `go install` from the `github.com/mvanhorn/printing-press-library` repository. These sources are consistent with the vendor's provided infrastructure.
- [COMMAND_EXECUTION]: The skill utilizes bash commands to perform environment setup, tool installation, and execution of the Figma CLI utility, which is consistent with the skill's stated purpose.
- [DATA_EXFILTRATION]: The CLI includes a `--deliver webhook:<url>` feature that allows routing command output to arbitrary external URLs. While documented as a feature for design data delivery, it provides a generic network egress capability for data processed by the tool.
- [PROMPT_INJECTION]: The skill processes untrusted external data from Figma files, nodes, and comments, creating a surface for indirect prompt injection.
  - Ingestion points: Data enters via the `frame extract`, `dev-mode dump`, `comments-audit`, and `files` commands, which fetch content from the Figma API.
  - Boundary markers: The instructions do not specify the use of delimiters or warnings to ignore instructions embedded within the Figma content.
  - Capability inventory: The skill has access to bash execution, file system writes (`--deliver file:`), and network egress (`--deliver webhook:`).
  - Sanitization: There is no evidence of sanitization or validation logic for the content retrieved from Figma before it is provided to the agent context.
Audit Metadata