implement-design
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes Model Context Protocol (MCP) tool calls such as `get_design_context`, `get_metadata`, and `get_screenshot` to interact with Figma servers. These are standard operations for its intended design-to-code purpose.
- [EXTERNAL_DOWNLOADS]: The skill is instructed to download assets (images, icons, and SVGs) from sources provided by the Figma MCP server. It specifically handles `localhost` URLs, which is the expected behavior when interacting with the `figma-desktop` local MCP server.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection attack surface because it processes untrusted data from external Figma files.
  - Ingestion points: Design data fetched via `get_design_context` from user-provided Figma URLs.
  - Boundary markers: No specific delimiters or instructions are provided to the agent to distinguish between design data (like layer names or text content) and functional instructions.
  - Capability inventory: The agent has the capability to write and modify project source code, create new components, and download/execute SVG assets based on the design data.
  - Sanitization: There is no mention of sanitizing or validating text content extracted from the Figma layers before it is incorporated into the code or prompt context.
Audit Metadata