web-to-figma-chrome-extension
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The installation instructions direct users to clone source code from an external GitHub repository (github.com/Paidax01/web-to-figma.git) which is not verified by the skill platform.
- [COMMAND_EXECUTION]: The skill includes shell commands for the user to execute, such as 'git clone' for repository setup and 'zip' for packaging the extension for distribution.
- [DATA_EXFILTRATION]: The extension requests high-privilege 'host_permissions' for '<all_urls>' and injects content scripts into every webpage. This grants the capability to read all content in the Document Object Model (DOM), including sensitive text and images, which are then bundled into a downloadable JSON file. Additionally, the 'background.js' script provides a proxy fetch mechanism that allows content scripts to initiate network requests to arbitrary URLs.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it processes untrusted data from webpages.
  - Ingestion points: 'capture.js' traverses and extracts data from the DOM of any active browser tab.
  - Boundary markers: No delimiters or protective instructions are used to distinguish untrusted web content from the agent's logic.
  - Capability inventory: The extension utilizes 'downloads' permissions and 'background.js' network operations to process and move data.
  - Sanitization: No sanitization, escaping, or validation of the extracted DOM content is performed before storage or processing.
Audit Metadata