import-tokens-figma
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security concerns detected. The skill operates using local scripts and standard Figma API calls to manage design variables.
- [EXTERNAL_DOWNLOADS]: No external dependencies or remote scripts are downloaded. The Node.js parser is a self-contained script with no external NPM dependencies.
- [COMMAND_EXECUTION]: Local command execution is limited to a Node.js parsing script (
parse-tokens.mjs) used to transform data formats, and a Figma-specific JavaScript file (apply-tokens.js) run within the restricted Figma environment. - [DATA_EXFILTRATION]: No network activity was detected. The scripts process design tokens locally and push them to the Figma platform through authenticated plugin interfaces.
Audit Metadata