figma-to-code
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill ingests untrusted design metadata from external Figma files to generate executable React/TypeScript code. An attacker with control over a Figma file could potentially embed malicious instructions or scripts in layer names or text properties that could influence the agent's behavior or be improperly handled during code generation.
- Ingestion points: Design data is retrieved using Figma MCP tools
mcp__figma__get_metadataandmcp__figma__get_design_contextfrom remote Figma URLs (SKILL.md, reference/extended.md). - Boundary markers: The instructions do not define clear delimiters or specific instructions for the agent to ignore potentially malicious embedded content within the design data.
- Capability inventory: The skill facilitates production code generation (React/TypeScript) and local file system writes (caching MCP data in the
.figma-mcp/directory) (SKILL.md, reference/extended.md). - Sanitization: There are no explicit instructions for the agent to sanitize, validate, or escape the strings retrieved from the Figma API before they are interpolated into the generated component code.
Audit Metadata