create-design-system-rules
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides a structured workflow for generating project-specific rules using the authorized Figma MCP server tools (
create_design_system_rules,get_design_context,get_screenshot,get_metadata). - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8) because it processes untrusted data from the user's codebase and Figma design nodes. However, the skill primarily generates documentation (
CLAUDE.md) rather than executing arbitrary commands, and its instructions follow standard assistant development patterns. - Ingestion points: Reads project files during Step 2 (codebase analysis) and Figma node data via
get_design_contextin Step 3. - Boundary markers: None explicitly defined in the prompt templates.
- Capability inventory: Can read project files and write to
CLAUDE.md. - Sanitization: Relies on standard LLM safety guardrails; no explicit sanitization logic is provided in the skill text.
Audit Metadata