frame
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the official Figma MCP server package via npx to facilitate secure communication with the Figma API.
- [PROMPT_INJECTION]: The skill ingests design data from external Figma URLs which represents a potential surface for indirect prompt injection.
- Ingestion points: Design data is retrieved via get_design_context, get_variable_defs, and get_figjam from user-provided URLs.
- Boundary markers: The skill contains instructions to "extract, do not interpret" and "structure for the consumer," which helps define operational boundaries.
- Capability inventory: The agent can modify Figma files via use_figma, create new files, and manage Code Connect mappings.
- Sanitization: Operations are performed through the official Figma MCP server which handles API authentication and structural validation of design data.
- [SAFE]: Credentials management (FIGMA_API_KEY) follows standard environment variable practices for MCP servers.
- [SAFE]: All write operations to the Figma canvas require explicit user confirmation and are scoped to design artifact modification.
Audit Metadata