figma-implement-design
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data from external Figma files which acts as a potential surface for indirect prompt injection.
- Ingestion points: The skill uses
get_design_contextandget_metadatato retrieve data from user-provided Figma URLs (SKILL.md). - Boundary markers: The instructions lack explicit markers or instructions to treat Figma layer names or component descriptions as untrusted data.
- Capability inventory: The agent has the capability to write and modify production code in the user's repository.
- Sanitization: There is no mention of sanitizing or escaping the content retrieved from Figma before it is interpreted by the model for code generation.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the retrieval of graphical assets from a local endpoint.
- Evidence: The workflow instructs the agent to download images and SVGs through the Figma MCP server's assets endpoint, which are served via
localhost(SKILL.md, Step 4).
Audit Metadata