figma-comments

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell scripts (scripts/get-comments.sh, scripts/post-comment.sh, scripts/delete-comment.sh) that use curl and jq to communicate with the Figma API.
  • [DATA_EXFILTRATION]: The skill transmits the FIGMA_TOKEN and comment data to api.figma.com. This is the intended purpose of the skill, and the destination is the official Figma API domain.
  • [PROMPT_INJECTION]: The skill is subject to Indirect Prompt Injection because it ingests untrusted data (comment text) from the Figma API and provides it to the agent's context.
    • Ingestion points: scripts/get-comments.sh fetches existing comments and thread data from Figma files via the REST API.
    • Boundary markers: Data is returned as structured JSON, but there are no specific markers to prevent the agent from following instructions potentially embedded within the comment messages.
    • Capability inventory: The agent can use the provided scripts to read, post, and delete comments on the user's behalf.
    • Sanitization: While the scripts use jq to handle JSON encoding safely, the textual content of the comments is not sanitized for adversarial prompt patterns.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 13, 2026, 03:56 AM
Security Audit — agent-trust-hub — figma-comments