figma-import-tokens
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Comprehensive analysis of the provided instructions and scripts revealed no malicious patterns, prompt injections, or obfuscation techniques.
- [COMMAND_EXECUTION]: The skill provides a Node.js script (scripts/parse-tokens.mjs) designed to process local design token files. This script is used to generate configuration constants and does not perform network operations or unauthorized file access.
- [EXTERNAL_DOWNLOADS]: The documentation references an external figma-use skill as a dependency for interacting with the Figma API. This is a standard workflow for platform-specific skills and does not involve downloading untrusted remote code.
- [DATA_EXFILTRATION]: No network exfiltration or credential harvesting patterns were detected. The scripts operate locally on provided token data and within the restricted Figma Plugin environment.
Audit Metadata