figma-bridge

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection surface identified. The skill ingests untrusted content from external Figma files and URLs using tools such as get_design_context and get_libraries. Malicious instructions embedded within Figma layer names or metadata could influence agent behavior during processing.
  • Ingestion points: External Figma file keys, node IDs, and design context data retrieved via MCP tools.
  • Boundary markers: No explicit delimiters or instructions are provided to ignore embedded commands in the design data.
  • Capability inventory: Executes file writes to design-state.md and generates HTML code for prototypes.
  • Sanitization: There is no mention of sanitizing or validating the content pulled from Figma before it is processed.
  • [COMMAND_EXECUTION]: Dynamic code generation surface. The skill generates a self-contained, clickable HTML prototype at runtime when Figma tools are unavailable. This process involves assembling code from project tokens and content strings, which is a form of dynamic execution.
  • [COMMAND_EXECUTION]: The skill invokes various Figma-specific MCP tools (e.g., use_figma, create_new_file) to perform design operations. This interaction with an external platform through shell-like commands is a core capability of the skill.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 15, 2026, 09:38 AM
Security Audit — agent-trust-hub — figma-bridge