figma-analyze-component-set
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs its intended function of analyzing Figma component sets for code generation blueprints.
- [DATA_EXFILTRATION]: No network operations or external data transfer mechanisms were detected. Data is processed locally within the Figma execution context and returned to the agent as structured JSON.
- [COMMAND_EXECUTION]: The script uses standard Figma Plugin API calls (
getNodeByIdAsync,getLocalVariablesAsync) and does not invoke shell commands or execute arbitrary strings. - [CREDENTIALS_UNSAFE]: No hardcoded secrets, API keys, or sensitive environment variable access were found. The skill operates using the permissions granted to the Figma execution environment.
- [PROMPT_INJECTION]: The instructions in SKILL.md provide clear operational boundaries and do not attempt to override system safety guidelines or extract internal prompts.
- [INDIRECT_PROMPT_INJECTION]: While the skill processes external design data from Figma, the data is parsed into a structured format (JSON) and used for descriptive analysis. No execution paths exist that would allow untrusted data to manipulate the agent's core logic.
Audit Metadata