figma-to-code
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Categories flagged: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Potential for Indirect Prompt Injection. The skill is designed to ingest and process untrusted external data from Figma exports (JSON files via scripts/parse_figma_json.js and screenshots via visual analysis) to inform its code generation process.
  - Ingestion points: scripts/parse_figma_json.js and visual input from screenshots.
  - Boundary markers: Absent. The skill instructions do not include clear delimiters or warnings for the agent to treat text content within the design as data rather than instructions.
  - Capability inventory: The skill can read project files, write source code, and execute shell commands for project analysis and build checks.
  - Sanitization: Absent. Text and data extracted from Figma are used directly in the generation context.
- [EXTERNAL_DOWNLOADS]: The documentation provides instructions for users to fetch Figma data using curl from the official Figma API (api.figma.com). This is a neutral reference to a well-known service for manual data collection.
- [COMMAND_EXECUTION]: The skill executes local Node.js utility scripts (detect_project.js and parse_figma_json.js) using the shell to analyze the project and the Figma data. These scripts are internal to the skill and use only Node.js standard libraries.
Audit Metadata