superpower

Pass

Audited by Gen Agent Trust Hub on Jul 15, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill invokes npx shadcn@latest, which downloads and executes the shadcn CLI from the npm registry. This is a standard and well-known tool in the React ecosystem for managing UI components.
  • [COMMAND_EXECUTION]: Uses the author's specific memi CLI tool for design token management and code generation (memi generate, memi pull, etc.). These commands are associated with the project's own repository (github.com/sarveshsea/memi).
  • [PROMPT_INJECTION]: The skill defines a "Freedom Level: Maximum" which is qualified by instructions to respect host security policies and sandboxing. Additionally, the skill has an indirect prompt injection surface: * Ingestion points: Data is read from Figma via get_design_context, figma_search_components, and figma_get_variables. * Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present for the ingested design data. * Capability inventory: The skill can execute shell commands (npx, memi), write to the file system (memi generate), and modify the Figma canvas (use_figma). * Sanitization: No sanitization or validation of external Figma content is mentioned before it influences automated orchestration.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 15, 2026, 09:48 PM