Trust Assessment
figma received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding (0 critical, 1 high, 0 medium, 0 low): Potential Local File Access via Malicious Figma MCP Server.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit f4b5c7d6). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Local File Access via Malicious Figma MCP Server | LLM | SKILL.md:31 |

Detail: the skill instructs the agent to "use that image or SVG source directly" when the Figma MCP Server returns a `localhost` source. The Figma Dev Mode MCP server runs locally and serves exported assets from a `localhost` URL, so such a source is expected; the problem is that the instruction places no constraint on what that source may be. A malicious or compromised MCP server could return a `file:///path/to/sensitive/file.txt` URL, or an `http://localhost/...` URL that reaches some other local service (the finding's example is `http://localhost/etc/passwd`), and an agent whose execution environment fetches arbitrary `localhost` or `file://` URLs would read, and could then exfiltrate, local files.

Recommended fix: change the skill so it never fetches `file://` URLs, and validate any `localhost` source against the scheme, port and asset path the Figma MCP server actually uses (or against an allowlist of expected external domains) before using it. The agent should never "use" an arbitrary `localhost` URL returned by an external server without that validation.
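The validation the recommendation calls for, as an added example (not code from the figma skill, from Figma's Dev Mode MCP server, or from SkillShield). The policy values are assumptions: the loopback port `3845`, the `/assets/` path prefix and the `www.figma.com` remote host are placeholders to be replaced with what the local MCP server and your deployment actually use. The check goes a little beyond the finding: besides rejecting `file://` and unexpected `localhost` targets, it also rejects credentials embedded in the URL and non-public IP literals such as link-local metadata endpoints, since an agent that fetches whatever URL it is handed is exposed to those in the same way.

```python
"""Validate an asset URL returned by an MCP server before the agent fetches it.

Added example for this finding; not code from the figma skill, Figma's Dev Mode
MCP server, or SkillShield. The allowlists below are assumptions: set them to the
port, path prefix and remote hosts your own deployment uses.
"""
import ipaddress
import posixpath
from dataclasses import dataclass
from typing import Optional, Union
from urllib.parse import unquote, urlsplit

# Assumed policy values (hypothetical; adjust to your environment).
ALLOWED_LOOPBACK_PORTS = {3845}                 # port the local Figma MCP server is assumed to serve assets on
ALLOWED_LOOPBACK_PATH_PREFIXES = ("/assets/",)  # assumed asset path under that server
ALLOWED_REMOTE_HOSTS = {"www.figma.com"}         # placeholder allowlist of remote asset hosts
ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".svg", ".webp"}


@dataclass(frozen=True)
class AssetSource:
    url: str
    local: bool  # True when served by the loopback MCP server


def _ip_literal(hostname: str) -> Optional[Union[ipaddress.IPv4Address, ipaddress.IPv6Address]]:
    try:
        return ipaddress.ip_address(hostname)
    except ValueError:
        return None  # a DNS name, not an address literal


def _is_loopback(hostname: str) -> bool:
    if hostname == "localhost":
        return True
    ip = _ip_literal(hostname)
    return ip is not None and ip.is_loopback


def validate_asset_url(raw: str) -> AssetSource:
    """Return an AssetSource for a URL that passes policy, else raise ValueError."""
    raw = raw.strip()
    parts = urlsplit(raw)

    # 1. Scheme: only http/https. This is what rules out file:// (and data:, ftp:, ...).
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    # 2. No credentials in the URL ('http://user@host/...' confuses naive host parsing).
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo in URL not allowed")
    hostname = (parts.hostname or "").lower()
    if not hostname:
        raise ValueError("missing host")
    port = parts.port or (443 if parts.scheme == "https" else 80)  # .port raises on junk ports

    # 3. Path: decode, then normalise so '..' and '%2e%2e' cannot escape the allowed prefix.
    path = posixpath.normpath(unquote(parts.path) or "/")
    if not path.startswith("/") or "\\" in path or "\x00" in path:
        raise ValueError("malformed path")
    if posixpath.splitext(path)[1].lower() not in ALLOWED_EXTENSIONS:
        raise ValueError(f"not an image asset: {path!r}")

    # 4. Loopback is expected from the local MCP server, but only on its port and asset path.
    if _is_loopback(hostname):
        if port not in ALLOWED_LOOPBACK_PORTS:
            raise ValueError(f"loopback port {port} not in allowlist")
        if not path.startswith(ALLOWED_LOOPBACK_PATH_PREFIXES):
            raise ValueError(f"loopback path {path!r} outside asset prefix")
        return AssetSource(url=raw, local=True)

    # 5. Anything else must be an explicitly allowed public host over https. Reject
    #    non-public IP literals outright (link-local metadata endpoints, LAN services).
    ip = _ip_literal(hostname)
    if ip is not None and not ip.is_global:
        raise ValueError(f"non-public IP literal not allowed: {hostname}")
    if hostname not in ALLOWED_REMOTE_HOSTS:
        raise ValueError(f"host not in allowlist: {hostname}")
    if parts.scheme != "https":
        raise ValueError("remote assets must use https")
    return AssetSource(url=raw, local=False)


def is_safe_asset_url(raw: str) -> bool:
    try:
        validate_asset_url(raw)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample responses, including the shapes the finding warns about.
    for candidate in [
        "http://127.0.0.1:3845/assets/icon.svg",
        "file:///etc/passwd",
        "http://localhost/etc/passwd",
        "http://localhost:3845/assets/%2e%2e/%2e%2e/secret/key.png",
        "http://169.254.169.254/latest/meta-data/x.png",
    ]:
        print(f"{'ALLOW' if is_safe_asset_url(candidate) else 'BLOCK':5}  {candidate}")
```

The agent-side rule that uses this is simple: call `validate_asset_url` on the source string the MCP server returns and only fetch it if no `ValueError` is raised; treat a rejection as a signal that the server is misbehaving rather than something to retry. Path normalisation happens after percent-decoding so that an encoded `..` cannot slip past the prefix check, and the loopback branch deliberately does not trust port 80 or any path outside the asset prefix, which is what turns "a localhost URL came back" into "the localhost URL the MCP server is expected to hand out".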
Full report: https://skillshield.io/report/393fb36f5aad4896
Powered by SkillShield