figma-prototype

Pass

Audited by Gen Agent Trust Hub on Jul 15, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill's workflow involves reading screen specifications from the specs/pages/ directory to generate prototypes. This represents a surface for indirect prompt injection where malicious instructions embedded in specifications could influence the agent's behavior.
  • Ingestion points: Reads external data from the specs/pages/ directory (SKILL.md).
  • Boundary markers: Absent; no instructions are provided for the agent to treat the imported specification data as untrusted or to ignore embedded instructions.
  • Capability inventory: The skill utilizes the use_figma tool to modify design files and executes shell commands using the memi CLI (SKILL.md).
  • Sanitization: No explicit sanitization, validation, or filtering of the specification content is mentioned.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute local commands using the memi CLI tool for generating HTML prototypes and creating architectural documentation.
  • Evidence: Use of memi prototype, memi spec page, and memi ia create commands within the workflow instructions (SKILL.md).
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 15, 2026, 09:48 PM