ui-convert-writer-figma

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill performs authenticated design writes to Figma according to a serialized order and uses a registry for idempotency, which is standard professional practice.
  • [EXTERNAL_DOWNLOADS]: The skill references a tool, set_image_fill, which allows fetching assets from external URLs. This is a legitimate functional requirement for design tools to incorporate remote images.
  • [PROMPT_INJECTION]: The skill processes structured IR JSON files, which constitutes an ingestion point for external data. While the skill lacks explicit boundary markers or sanitization for these files, the risk of indirect prompt injection is mitigated by the deterministic mapping of input keys to Figma properties rather than direct command interpretation.
    1. Ingestion points: IR files and registry.json.
    2. Boundary markers: Absent.
    3. Capability inventory: Figma node and style manipulation tools.
    4. Sanitization: Absent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 10, 2026, 02:27 PM