Skills
skills/coinbase/cds/cds-design-to-code/Gen Agent Trust Hub

cds-design-to-code

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill recommends the installation of @coinbase/cds-mcp-server via npx. This is an official vendor package from Coinbase intended for design system integration.
  • [PROMPT_INJECTION]: The skill ingests untrusted design context and metadata from external Figma files via MCP tools. This creates an indirect prompt injection surface where a malicious design could contain instructions to influence the agent's code generation.
  • Ingestion points: Figma design data and metadata (SKILL.md Step 2).
  • Boundary markers: Absent. There are no instructions for the agent to ignore instructions embedded within the design payload.
  • Capability inventory: File system access to write and update component code and download assets (SKILL.md Step 4, 7).
  • Sanitization: Absent. The agent is instructed to use the external Figma data directly for implementation logic.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 11:56 PM
Security Audit — agent-trust-hub — cds-design-to-code