figma-ds-rules
Pass
Audited by Gen Agent Trust Hub on Jul 15, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to read existing repository instructions and codebase conventions. This creates an indirect prompt injection surface where instructions embedded in those files could attempt to influence the agent's behavior. However, the skill explicitly directs the agent to separate project facts from unverified assumptions and generic preferences to mitigate this risk.
- [EXTERNAL_DOWNLOADS]: The skill references the official Figma MCP server guide on GitHub (github.com/figma/mcp-server-guide) and Figma's developer documentation. These are well-known and trusted resources used to synchronize repository rules with upstream design system standards.
Audit Metadata