figma-design-sync
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
agent-browserCLI to navigate to web URLs, take snapshots, and capture screenshots (agent-browser open,agent-browser snapshot,agent-browser screenshot). This is a core part of its visual comparison functionality. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by processing content from external sources.
- Ingestion points: Figma design specifications (via Figma MCP) and web page content/metadata (via
agent-browser). - Boundary markers: None identified. The agent is instructed to extract and analyze design properties directly from these external environments.
- Capability inventory: The skill has permissions to modify local source code (CSS, Tailwind, HTML/ERB files) and execute browser-based commands.
- Sanitization: No explicit validation or sanitization logic is present to filter instructions that might be embedded in Figma text nodes or web page content.
- [SAFE]: All identified behaviors—including external network access to Figma, browser automation, and local file modification—are consistent with the primary purpose of a design-sync agent. The skill uses recognized tools and follows standard developer workflows.
Audit Metadata