figma-annotations
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting and processing designer-authored text from Figma nodes.
- Ingestion points: User-controlled labels and markdown descriptions are retrieved from node annotations in scripts/get-annotations.js.
- Boundary markers: The skill lacks delimiters or instructions to isolate external annotation content, potentially allowing embedded instructions to influence the agent.
- Capability inventory: The skill can modify Figma node annotations and categories, providing an automated vector for design manipulation.
- Sanitization: There is no evidence of sanitization or validation of the text strings fetched from the Figma Plugin API before they are processed by the agent.
Audit Metadata