figma-check-design-parity

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious behavior, obfuscation, or unauthorized data access patterns were detected.
  • [COMMAND_EXECUTION]: The script scripts/check-parity.js utilizes legitimate Figma Plugin API functions such as getNodeByIdAsync and getVariableByIdAsync to extract design properties. It does not perform any shell command execution or subprocess spawning.
  • [DATA_EXFILTRATION]: While the skill reads design properties and token information for parity analysis, it does not include logic for transmitting this data over a network. All extracted information is returned as a structured JSON object to the agent context.
  • [INDIRECT_PROMPT_INJECTION]: Although the skill ingests potentially untrusted data from Figma node metadata, the lack of exploitable capabilities renders this surface low-risk.
    • Ingestion points: The skill reads node.description and node.name from Figma in scripts/check-parity.js.
    • Boundary markers: Not present in the script's output.
    • Capability inventory: The skill has no capabilities for file-write, network requests, or code execution.
    • Sanitization: Not present.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 13, 2026, 03:57 AM