figjam-create-content
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill generates and executes JavaScript snippets targeting the Figma Plugin API. These snippets are used to create or modify elements on a FigJam board (stickies, shapes, connectors, etc.). The execution is confined to the Figma Desktop app's plugin environment.
- [DATA_EXFILTRATION]: The skill includes snippets for reading the contents of a FigJam board and its connection graph. While this data is returned to the agent context, there are no network operations or calls to external domains to exfiltrate this information.
- [PROMPT_INJECTION]: The instructions and snippets do not contain any patterns typical of prompt injection, such as instructions to ignore safety filters, reveal system prompts, or switch to unrestricted modes.
- [REMOTE_CODE_EXECUTION]: All code is provided as local snippets in the references/figjam-snippets.md file. There are no patterns involving the download and execution of remote scripts from the internet.
- [CREDENTIALS_UNSAFE]: No hardcoded credentials, API keys, or secrets were identified in the codebase or metadata.
Audit Metadata