Trust Assessment
figma received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Local File Access via Malicious Figma MCP Server.
The analysis covered 4 layers: manifest_analysis, llm_behavioral_safety, static_code_analysis, dependency_graph. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit f4b5c7d6). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)

| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Local File Access via Malicious Figma MCP Server | Unknown | SKILL.md:31 |

The skill instructs the agent to 'use that image or SVG source directly' if the Figma MCP Server returns a `localhost` source. A malicious or compromised Figma MCP server could return a `localhost` URL (e.g., `http://localhost/etc/passwd` or `file:///path/to/sensitive/file.txt`) pointing to sensitive files on the agent's machine. If the agent's execution environment allows fetching content from arbitrary `localhost` or `file://` URLs, this could lead to unauthorized access and potential exfiltration of local files.

Recommendation: modify the skill to explicitly disallow fetching assets from `localhost` or `file://` URLs, or implement strict URL validation to ensure only expected external domains are accessed. The agent should never directly 'use' arbitrary `localhost` URLs returned by an external server without sanitization and validation.
Full report: https://skillshield.io/report/393fb36f5aad4896