figma-implement-design

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests untrusted data from external Figma files which acts as a potential surface for indirect prompt injection.
  • Ingestion points: The skill uses get_design_context and get_metadata to retrieve data from user-provided Figma URLs (SKILL.md).
  • Boundary markers: The instructions lack explicit markers or instructions to treat Figma layer names or component descriptions as untrusted data.
  • Capability inventory: The agent has the capability to write and modify production code in the user's repository.
  • Sanitization: There is no mention of sanitizing or escaping the content retrieved from Figma before it is interpreted by the model for code generation.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the retrieval of graphical assets from a local endpoint.
  • Evidence: The workflow instructs the agent to download images and SVGs through the Figma MCP server's assets endpoint, which are served via localhost (SKILL.md, Step 4).
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 06:19 AM
Security Audit — agent-trust-hub — figma-implement-design