figma-create-design-system-rules
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the creation of project-level instruction files (such as CLAUDE.md or .cursor/rules/) based on external data fetched from a Figma MCP server. This creates an indirect prompt injection surface where a malicious Figma design file could potentially embed instructions that become part of the agent's permanent system rules.
- Ingestion points: Data is ingested through the Figma MCP server tools:
create_design_system_rules,get_design_context, andget_metadatain SKILL.md. - Boundary markers: The skill does not implement clear boundary markers or instructions for the agent to ignore embedded commands within the fetched design data.
- Capability inventory: The skill allows the agent to read the codebase and write generated rules to local files (e.g.,
CLAUDE.md,AGENTS.md,.cursor/rules/). - Sanitization: No sanitization or validation of the Figma-provided data is specified before it is used to generate the final rule files.
Audit Metadata