sfnext-create-figma-kit

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use standard package manager commands (pnpm dev, pnpm typecheck, pnpm lint) and the official Figma CLI (npx figma connect publish). These commands are necessary for the skill's primary purpose of maintaining a design-to-code pipeline.
  • [DATA_EXPOSURE]: The skill mentions the use of a FIGMA_ACCESS_TOKEN. It correctly advises providing this as an environment variable in the terminal rather than hardcoding it into scripts or configuration files, adhering to standard secret management practices.
  • [EXTERNAL_DOWNLOADS]: The skill references the official Figma community repository and uses standard Node.js package execution via npx. These are well-known, trusted services integrated into the intended workflow.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 01:57 PM
Security Audit — agent-trust-hub — sfnext-create-figma-kit