implementing-design
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface by ingesting and processing data from external Figma design files.
- Ingestion points: Design context, layer names, and variable definitions are retrieved via Figma MCP tools such as `get_design_context` and `get_variable_defs`.
- Boundary markers: The instructions lack explicit boundary markers or directions to treat design metadata as untrusted, which could allow instructions hidden in Figma nodes to influence the agent's output.
- Capability inventory: The agent is authorized to generate React/Tailwind code and directly modify local configuration files like `globals.css` and `tailwind.config.ts`.
- Sanitization: There are no specified sanitization or validation steps to ensure that extracted design data does not contain malicious code or instructions before being interpolated into code templates or configuration files.