Security risk report for @forgecat/openai_skills_figma-create-design-system-rules v0.0.10
Source Integrity
Low
Profile sourced from OpenAI's official skills repository (github.com/openai/skills) with clear attribution and Apache-2.0 license.
Commit hash and timestamp provided; no suspicious or obfuscated origin.
Agent Intent
Low
Content describes a legitimate design system rule generation workflow for Figma-to-code translation; no instructions to ignore system prompts, read credentials, or exfiltrate data.
Step-by-step guidance (analyze codebase, generate rules, save to agent-specific files) is transparent and aligned with stated purpose of standardizing Figma implementations.
References to Figma MCP tools (get_design_context, get_screenshot, get_metadata) are documented as normal workflow steps, not hidden or malicious directives.
Details
Evidence
"Follow these steps in order. Do not skip steps." — transparent procedural instruction
"Analyze the project to understand existing patterns" — legitimate codebase inspection
"Validate against Figma for 1:1 look and behavior before marking complete" — quality assurance, not exfiltration
Permissions
Low
No file_write, file_delete, shell, or other high-risk tool categories declared in the profile.
MCP server (figma) is scoped to Figma design operations; no unrestricted filesystem or network access requested.
Skill operates within the stated purpose: generating design system rules by analyzing codebase patterns and Figma designs.
Details
Evidence
No tools declared in profile; MCP server limited to figma endpoint.
Workflow involves reading codebase and calling Figma MCP methods (get_design_context, get_screenshot), not arbitrary command execution.
MCP Risk
MCP-000Medium
The MCP server points to `https://mcp.figma.com/mcp`, an external host operated by Figma Inc. — a well-known, legitimate service, but still an external network dependency the agent will contact at runtime.
No hidden instructions were found in tool descriptions, and no arbitrary binary execution or unrestricted filesystem access is declared.
Reliance on an external MCP endpoint means the agent's behavior could be influenced by server-side changes outside the profile's control, warranting mild caution.
Details
Evidence
{"figma": {"url": "https://mcp.figma.com/mcp"}}
"Requires Figma MCP server connection."
"Call the Figma MCP server's `create_design_system_rules` tool"