design-builder
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill addresses potential indirect prompt injection by establishing an 'External Content Trust Boundary' in
SKILL.md. This instructs the agent to treat data from URLs and images as raw reference material and to ignore any directives found within that data. - [COMMAND_EXECUTION]: Uses standard
npxcommands to runhttp-serverfor local previews and manages project scaffolding by detecting existing framework configurations inpackage.json. - [EXTERNAL_DOWNLOADS]: Facilitates design export through the
figma-dev-mode-mcp-server, a specialized tool for Figma integration. This follows a transparent, user-guided setup process.
Audit Metadata