Build: Fail

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using the Bash tool that incorporate a user-provided <dev-server-url> in Phase 3.1. Without validation or sanitization, an attacker can provide a URL containing shell metacharacters (e.g., ;, &&, |) to execute arbitrary commands on the system.
  • [PROMPT_INJECTION]: The skill ingests untrusted design data from Figma URLs via the mcp__figma tool. Maliciously crafted content within a Figma file could act as an indirect prompt injection, influencing the agent to generate insecure code or perform unauthorized actions.
  • Ingestion points: Figma design context, typography, and layout data fetched from user-provided URLs.
  • Boundary markers: No delimiters or instructions are used to distinguish design data from system instructions.
  • Capability inventory: The agent has access to Bash, Write, Edit, and Read tools.
  • Sanitization: The skill does not specify any sanitization or validation logic for the data retrieved from the Figma API.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 3, 2026, 06:43 PM