Security audit

Figma to Mobile

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate Figma-to-mobile-code skill, but it can optionally scan broad local app project contents without a clear user-consent boundary.

Install only if you are comfortable giving the skill a Figma personal access token and allowing it to inspect local mobile project resources for better code generation. Before running project_scan.py, specify the intended project and module, review the generated scan report, and avoid using it on repositories containing unrelated private strings or assets unless that indexing is acceptable.
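The bounding step above (name the module, keep the scan inside it, review what was indexed before trusting the report) can be enforced mechanically rather than left to the agent. The following is an added example written for this audit page; it is not the skill's own project_scan.py, and the root path, module name, resource layout, secret patterns and sample files are all assumptions constructed for the demonstration. It confines every candidate path to the chosen module by resolved path components (so both `..` traversal and a sibling directory sharing the module's name prefix are rejected), and it withholds any file whose contents match a credential-looking pattern from the index so that a Figma token or cloud key never reaches the generated report.

```python
"""Bounded project scan (added example; not the audited skill's project_scan.py)."""
import re
from pathlib import Path

# Assumed patterns for strings that must never be indexed into a scan report:
# an AWS access key id, a Figma personal access token, and a generic api key assignment.
SECRET_PATTERNS = [
    re.compile(r"AKIA[0-9A-Z]{16}"),
    re.compile(r"figd_[A-Za-z0-9_-]+"),
    re.compile(r"(?i)api[_-]?key\s*[=:]\s*\S+"),
]


def resolve_in_scope(root, module, candidate):
    """True only if candidate resolves to a path inside root/module.

    Path.resolve() collapses '..' segments and follows symlinks, and
    relative_to() compares whole path components, so '/app/feature-login-evil'
    is NOT inside '/app/feature-login' even though it shares the string prefix.
    """
    base = (Path(root) / module).resolve()
    target = Path(candidate).resolve()
    try:
        target.relative_to(base)
    except ValueError:
        return False
    return True


def scan_module(root, module, files):
    """Index files for code generation, bounded to one module.

    files: mapping of absolute path -> file contents. The report records what
    was indexed, what was refused as out of scope, and what was withheld
    because it looked like it carried a credential.
    """
    report = {"indexed": [], "skipped_out_of_scope": [], "flagged": []}
    for path, content in files.items():
        if not resolve_in_scope(root, module, path):
            report["skipped_out_of_scope"].append(path)
            continue
        if any(p.search(content) for p in SECRET_PATTERNS):
            # Withhold the file entirely rather than index a redacted copy:
            # the reviewer decides whether it belongs in the scan at all.
            report["flagged"].append(path)
            continue
        report["indexed"].append(path)
    return report


# Constructed sample project: one module with a clean strings file, a file
# holding an AWS-style key, a sibling module reached via '..', and a
# properties file carrying a Figma-style token. None of these are real.
SAMPLE_ROOT = "/workspace/app"
SAMPLE_MODULE = "feature-login"
SAMPLE_FILES = {
    "/workspace/app/feature-login/src/main/res/values/strings.xml":
        '<string name="title">Login</string>',
    "/workspace/app/feature-login/src/main/res/values/secrets.xml":
        '<string name="k">AKIAABCDEFGHIJKLMNOP</string>',
    "/workspace/app/feature-login/../core/src/Config.kt":
        'val apiKey = "not-for-this-scan"',
    "/workspace/app/feature-login/local.properties":
        "figma.token=figd_abc123",
}


def run_example():
    """Run the bounded scan over the constructed sample and return the report."""
    return scan_module(SAMPLE_ROOT, SAMPLE_MODULE, SAMPLE_FILES)


if __name__ == "__main__":
    for key, paths in run_example().items():
        print(key, paths)
```

The report is meant to be read before any generated code is accepted: an unexpectedly long `indexed` list means the module boundary was set too wide, and a non-empty `flagged` list means the repository holds material that should not be handed to a code-generation agent at all.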

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Severity: Medium
Confidence: 89%
Finding
The design document materially expands the skill from converting a Figma link into generated mobile UI code into scanning local project modules and modifying project resources. That broader capability increases data exposure and write scope beyond the user-facing description, creating a permission and expectation mismatch that could lead an agent to inspect unrelated files or alter an existing app in ways the user did not explicitly request.

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding
Project-wide or dependency-module scanning is not necessary for basic Figma-to-code generation and can expose source structure, resources, strings, styles, and custom components unrelated to the requested design conversion. In an agent setting, this broadens the reachable local context and increases the chance of over-collection, privacy leakage, or unintended coupling to internal project artifacts.

Description-Behavior Mismatch

Severity: Medium
Confidence: 87%
Finding
Creating new resources inside an existing app module goes beyond passive code generation and turns the skill into a project-modifying tool. Without explicit consent and bounded write targets, an agent could introduce files into the wrong module, overwrite conventions, or make persistent changes that are unexpected from a skill advertised as producing code files from Figma designs.

VirusTotal

62/62 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.