Back to skill

Security audit

Figma Spacing System

Security checks across malware telemetry and agentic risk

Overview

This is a simple design-guidance skill for creating Figma spacing tokens and layout grids, with no evidence of hidden execution or sensitive access.

This appears safe to install as a design assistance skill. Users should be aware it may activate for fairly general Figma spacing questions, so review whether the full spacing-system workflow is what they want before applying the output.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrase "Create a spacing system for our Figma design system" is broad enough to match normal design-assistance requests, which can cause this skill to activate in contexts where the user did not explicitly ask for this specific workflow. That can lead to unintended instruction injection into a conversation, reducing routing precision and potentially overriding a more appropriate skill or general-purpose response.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger phrase "Define our spacing tokens for Figma" is vague and likely to collide with everyday design requests about spacing, tokens, or Figma usage. Over-broad activation increases the chance of accidental skill invocation, which can steer the agent into a rigid workflow the user did not intend and create prompt-routing ambiguity.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.