superpower
Pass
Audited by Gen Agent Trust Hub on Jul 15, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill invokes
npx shadcn@latest, which downloads and executes the shadcn CLI from the npm registry. This is a standard and well-known tool in the React ecosystem for managing UI components. - [COMMAND_EXECUTION]: Uses the author's specific
memiCLI tool for design token management and code generation (memi generate,memi pull, etc.). These commands are associated with the project's own repository (github.com/sarveshsea/memi). - [PROMPT_INJECTION]: The skill defines a "Freedom Level: Maximum" which is qualified by instructions to respect host security policies and sandboxing. Additionally, the skill has an indirect prompt injection surface: * Ingestion points: Data is read from Figma via
get_design_context,figma_search_components, andfigma_get_variables. * Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present for the ingested design data. * Capability inventory: The skill can execute shell commands (npx,memi), write to the file system (memi generate), and modify the Figma canvas (use_figma). * Sanitization: No sanitization or validation of external Figma content is mentioned before it influences automated orchestration.
Audit Metadata