vibefigma-figma-to-react

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references and installs the vibefigma package from the official npm registry to enable its core design-to-code conversion functionality.
  • [COMMAND_EXECUTION]: Provides instructions for executing shell commands and scripts, such as npx vibefigma and batch conversion shell scripts, to automate the workflow.
  • [DATA_EXFILTRATION]: Utilizes sensitive environment variables, including FIGMA_TOKEN and GOOGLE_GENERATIVE_AI_API_KEY, to interact with official service endpoints. These are managed using standard security practices like .env files.
  • [PROMPT_INJECTION]:
      • Ingestion points: Design data from the Figma API (SKILL.md).
      • Boundary markers: Absent.
      • Capability inventory: File system writing (fs.writeFile) and CLI execution (npx) defined in SKILL.md.
      • Sanitization: Not explicitly mentioned in the provided examples.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 17, 2026, 03:24 PM