cds-design-to-code
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill uses official internal resources such as the
@coinbase/cds-mcp-serverpackage, which is consistent with the vendor identity of the author. - [SAFE]: All external design data is retrieved via the Figma MCP server, a well-known and standard protocol for this purpose.
- [SAFE]: The workflow incorporates high-fidelity requirements, including visual parity checks against Figma screenshots and adherence to established internal coding standards (via the
cds-codeskill). - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it ingests and processes untrusted data from an external design source.
- Ingestion points: Figma design context, node metadata, and screenshots fetched via MCP tools in
SKILL.md. - Boundary markers: None; the instructions do not specify the use of delimiters to isolate external Figma content from the agent's internal instructions.
- Capability inventory: The agent is authorized to generate implementation code (file writing) and download assets (local file system access) based on the ingested Figma data.
- Sanitization: Absent; there is no explicit instruction to sanitize or validate Figma layer names or metadata strings before they are interpolated into the code generation process.
Audit Metadata