Skills
skills/southleft/skills-for-figma/setup-design-tokens-figma/Gen Agent Trust Hub

setup-design-tokens-figma

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Figma Plugin API (figma.variables.*) to automate the creation of design systems. All logic is executed within the Figma environment's authenticated sandbox.
  • [DATA_EXFILTRATION]: There are no network calls or external data transfers. The hexToRgb function and token creation loop operate entirely on local constants provided in the script.
  • [CREDENTIALS_UNSAFE]: No API keys or secrets are required or hardcoded. The skill uses the active Figma user's session implicitly through the standard figma object.
  • [REMOTE_CODE_EXECUTION]: The script is a static JavaScript file intended to be run via a 'use_figma' tool. It does not download external scripts or use dynamic evaluation (eval/exec) of untrusted input.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 08:59 AM
Security Audit — agent-trust-hub — setup-design-tokens-figma