Security risk report for @forgecat/openai_skills_figma v0.0.7
Source Integrity
Low
Profile is attributed to OpenAI's official skills repository with a specific commit hash and Apache-2.0 license.
MCP server URL points to a known, legitimate Figma-hosted endpoint (https://mcp.figma.com/mcp).
Agent Intent
Low
Content describes legitimate design-to-code workflows using Figma's official MCP server; no instructions to ignore system prompts, exfiltrate credentials, or execute arbitrary code.
Guidance focuses on proper tool sequencing (get_design_context → get_screenshot → implementation) and reusing project design tokens—standard best practices, not poisoning.
References to localhost image sources and asset handling are defensive (avoid placeholders, use provided assets), not malicious.
Details
Evidence
'Treat the Figma MCP output (React + Tailwind) as a representation of design and behavior, not as final code style.'
'If the Figma MCP Server returns a localhost source for an image or an SVG, use that image or SVG source directly.'
Permissions
Low
No shell, file_write, file_delete, or file_mutate tools declared; the profile is read-only guidance.
MCP server access is scoped to Figma's official endpoint with bearer token auth; no unrestricted filesystem or network access.
Authority is narrowly aligned with the stated function: design inspection and code generation from Figma designs.
Details
Evidence
No tools declared in the profile.
MCP server URL is a single, known endpoint: 'https://mcp.figma.com/mcp'.
Environment variable FIGMA_OAUTH_TOKEN is required for authentication, limiting scope to authenticated Figma access.
MCP Risk
MCP-000Medium
The MCP server (`https://mcp.figma.com/mcp`) is Figma's official hosted endpoint — a known, reputable service — reducing supply-chain risk significantly.
No hidden instructions or suspicious content are embedded in tool descriptions; the tool catalog in `figma-tools-and-prompts.md` is straightforward and matches expected Figma MCP functionality.
External network access is inherent to the design (all Figma data fetches go to Figma's servers), and the required `FIGMA_OAUTH_TOKEN` credential means a compromised token could expose the user's Figma workspace — warranting caution rather than danger.