qt-figma-component-generation
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a legitimate development tool for automating the creation of QML files from Figma designs. It uses project-specific singletons (Theme.qml, Spacing.qml) and Figma-verified references to generate consistent code.
- [PROMPT_INJECTION]: Analysis of SKILL.md found no instructions attempting to override agent safety protocols or system behavior. The prompts are strictly confined to the component generation workflow.
- [DATA_EXFILTRATION]: No unauthorized network operations or access to sensitive local files were detected. The skill uses the Figma MCP for legitimate design data retrieval.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data from Figma. 1. Ingestion points: Figma MCP tools (get_metadata, get_design_context). 2. Boundary markers: Workflow utilizes an inventory table and specific mapping rules to handle data. 3. Capability inventory: Filesystem write access to the components/ directory. 4. Sanitization: Figma metadata is mapped to QML properties and text components.
Audit Metadata