figma-make-website-builder
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by interpolating user-provided website metadata into subsequent AI instructions.
- Ingestion points: User-defined inputs such as 'website type' and 'brand attributes' from the initial phase are propagated through the entire workflow to influence downstream outputs.
- Boundary markers: The prompt engineering templates provided in 'references/phase-5-prompt-engineering.md' lack explicit delimiters or instructions to ignore embedded commands within the user-supplied parameters.
- Capability inventory: The skill is capable of generating persistent database schemas (SQL), React component logic, and natural language prompts for third-party design tools.
- Sanitization: There is no evidence of validation or filtering logic to prevent potentially malicious instructions in the user's site description from being executed by the AI during prompt generation.
- [EXTERNAL_DOWNLOADS]: The skill documentation and technical references suggest the integration of the official Supabase JavaScript client library and other well-known services (such as Vercel and Clerk) for core application functionality.
Audit Metadata