anima-upgrade-migration
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill provides code examples that ingest design data from the Figma API and write the results directly to the local filesystem. This creates an attack surface where a compromised or malicious Figma file could attempt to inject malicious content into the generated code.
- Ingestion points: Figma file data retrieved via anima.generateCode() in SKILL.md.
- Boundary markers: Not present in the provided script examples.
- Capability inventory: Uses fs.writeFileSync to write generated content to the disk in SKILL.md.
- Sanitization: No sanitization or validation of the generated content is demonstrated before writing to the filesystem.
Audit Metadata