claude2figma-design-system-harness

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFE (flags: EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches skill components and configuration from the project's GitHub repository (github.com/senlindesign/claude2figma.git) during the installation process.
  • [COMMAND_EXECUTION]: Instructions direct users to install the @anthropic-ai/figma-mcp package, which provides the necessary interface for interacting with the Figma API.
  • [PROMPT_INJECTION]: The reference-interpreter skill processes untrusted external data (screenshots and reference descriptions) to generate design briefs.
  • Ingestion points: Reference images and user-provided descriptions processed by the reference-interpreter skill to create structured design briefs.
  • Boundary markers: The workflow includes a manual confirmation step where the user must approve the Design Brief before the AI proceeds with generation.
  • Capability inventory: The skill possesses write capabilities to Figma files via the Figma MCP server, including creating instances, setting properties, and binding variables.
  • Sanitization: No explicit sanitization or instruction-filtering for the ingested reference data is described in the harness documentation.
Audit Metadata
Risk Level: SAFE
Analyzed: May 17, 2026, 08:48 PM