figma-sync
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Command Execution] (LOW): Step 3 executes `npx playwright test`, which is a shell command for visual regression testing. While standard for this workflow, shell execution poses a risk if command arguments are influenced by untrusted data.
- [Prompt Injection] (LOW): Susceptibility to Indirect Prompt Injection. Evidence Chain: (1) Ingestion Points: Reads Figma file contents and design tokens from a user-provided URL in Step 1. (2) Boundary Markers: None identified in the prompt instructions to isolate external data. (3) Capability Inventory: Capability to write local files (`tokens.json`, `figma-drift.md`) and execute shell commands (`npx`). (4) Sanitization: No sanitization logic for ingested Figma metadata before use in reports or file writing.
- [External Downloads] (LOW): The command `npx` may download packages from the npm registry at runtime, representing a dependency on external sources.
Audit Metadata