check-design-parity-figma
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Detailed inspection of the skill files confirms no malicious behavior, unauthorized network requests, or attempts to access sensitive system data.
- [COMMAND_EXECUTION]: The skill provides a JavaScript script (scripts/check-parity.js) designed to be executed via the use_figma tool. This script utilizes standard Figma Plugin API methods (e.g., getNodeByIdAsync, getVariableByIdAsync) to retrieve visual, spacing, and typography properties for comparison.
- [DATA_EXFILTRATION]: The skill extracts design metadata and variable values from a Figma document. This data access is restricted to the specific node identified by the user and is used locally within the agent's context to generate a parity score. No data is transmitted to external or untrusted domains.
- [PROMPT_INJECTION]: The skill processes the node.description field from Figma to identify accessibility features using regex patterns (e.g., searching for 'disabled' or 'aria' roles). While this involves processing external data, the script treats the content as descriptive metadata for linting purposes and does not execute the text or allow it to influence agent instructions.
Audit Metadata