figma-setup-design-tokens
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill contains no malicious patterns and its behavior is consistent with its stated purpose of bootstrapping Figma design tokens.
- [COMMAND_EXECUTION]: The script uses legitimate Figma Plugin API methods such as
figma.variables.createVariableCollectionandfigma.variables.createVariable. There is no evidence of arbitrary shell command execution or unauthorized system access. - [DATA_EXFILTRATION]: No network operations or data extraction patterns were detected. The script only returns configuration IDs back to the agent as part of its normal operation.
- [PROMPT_INJECTION]: The instructions do not contain attempts to bypass AI safety filters or override the agent's core instructions.
- [EXTERNAL_DOWNLOADS]: The skill does not reference or download external scripts or packages from untrusted sources.
Audit Metadata