design
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it is designed to ingest and process untrusted external data from various sources.
- Ingestion points: The skill processes external data via commands like
/design-review <file or screenshot>,/figma <URL>,/ux-audit <brief>, and/site-to-figma(SKILL.md, references/figma-workflow.md). - Boundary markers: There are no explicit instructions or delimiters defined to separate untrusted content from the agent's instructions, nor are there warnings to ignore potentially embedded commands in the processed files.
- Capability inventory: The skill has access to powerful capabilities including file system writing (token generation), network operations (Firebase Hosting, preview server), and subprocess execution (
npm,npx) (references/deployment.md). - Sanitization: No explicit sanitization or validation of the content extracted from Figma URLs or external HTML files is mentioned in the instruction set.
- [COMMAND_EXECUTION]: The skill facilitates the execution of local commands for development workflows.
- It uses
npx serveandnpm run devto start local preview servers for design verification (references/deployment.md). - It provides a troubleshooting command using
lsof,grep, andkillto manage occupied local ports used by the Figma Desktop Bridge (references/figma-creation.md). - [EXTERNAL_DOWNLOADS]: The skill references and downloads assets from several well-known and trusted services.
- Typography: Connects to
fonts.googleapis.comandfonts.gstatic.comfor font loading (references/deployment.md). - Icons: Fetches Lucide icons via CDN (SKILL.md).
- Tools: Integrates with official Figma and Firebase platforms for design extraction and site deployment.
Audit Metadata