figma-mcp
Warn
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's setup guide (references/setup-guide.md) recommends installing the 'figma-developer-mcp' package from a community source using 'npm install -g' or 'npx'. This represents an unverifiable dependency from a third-party author not recognized as a well-known service or trusted vendor.
- [PROMPT_INJECTION]: The skill ingests design data from external Figma URLs using the 'get_figma_data' tool. This creates an indirect prompt injection surface where the agent processes text nodes and metadata from Figma files that could contain malicious instructions. The analysis identified the following evidence chain: (1) Ingestion points: 'get_figma_data' tool call in SKILL.md; (2) Boundary markers: Absent; (3) Capability inventory: Code generation and potential file writing; (4) Sanitization: Absent.
- [COMMAND_EXECUTION]: The skill provides instructions for executing shell commands to install the skill and configure the MCP environment, including the execution of third-party server binaries that perform network operations.
Audit Metadata