next-theme-figma
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill follows best practices for design-to-code handoff and provides a transparent local workflow.
- [COMMAND_EXECUTION]: The skill utilizes a local Node.js script (scripts/theme-figma.js) for tasks like parsing Figma URLs and generating handoff manifest packages. A detailed audit of this script shows it uses only standard, built-in Node.js modules (fs, path) for local filesystem operations. It contains no network operations, dynamic code execution (e.g., eval, exec), or hardcoded credentials.
- [DATA_EXFILTRATION]: The skill does not perform any network requests or access sensitive local files (such as SSH keys or environment variables). All data handling is confined to the project workspace and the provided Figma URLs.
- [PROMPT_INJECTION]: The provided instructions and reference files focus strictly on design audit, section classification, and asset management. No patterns designed to override system prompts or bypass safety guardrails were detected.
- [REMOTE_CODE_EXECUTION]: There are no patterns involving the download and execution of remote scripts. The skill relies on locally distributed code and standard development tools.
Audit Metadata