create-figjam-content

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection surface detected.
      • Ingestion points: The 'Read board contents' and 'Read the connection graph' snippets in references/figjam-snippets.md ingest text content from FigJam nodes (stickies, shapes, connectors, etc.).
      • Boundary markers: None present. The scripts return raw text data directly from the Figma API to the agent context.
      • Capability inventory: The skill possesses the ability to create and modify board elements (nodes, sections, tables, code blocks) using various snippets in references/figjam-snippets.md.
      • Sanitization: No sanitization or filtering of the text content read from the board is performed before it is returned.
  • [COMMAND_EXECUTION]: The skill provides multiple JavaScript snippets in references/figjam-snippets.md designed to be executed via the use_figma tool. These snippets interact directly with the Figma Plugin API to perform board operations.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 13, 2026, 08:59 AM