design-auditor
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill retrieves data from external sources using 'web_fetch' to perform audits on live websites, GitHub files, and Storybook components. This behavior is documented as part of its core functionality for reviewing web-based designs.
- [COMMAND_EXECUTION]: The skill uses Figma MCP tools such as 'perform_editing_operations' and 'create_design_system_rules' to modify design files. These tools allow the agent to apply fixes (e.g., updating font sizes, colors, or padding) directly to Figma nodes after user confirmation.
- [CREDENTIALS_UNSAFE]: The 'URL Input Spec' includes logic for handling authenticated audits where a user might provide credentials to access a login-walled site. The skill explicitly instructs the agent never to repeat these credentials in the output and to handle them as sensitive data.
- [SAFE]: All identified operations, including network requests to GitHub and Figma MCP usage, align with the primary purpose of the skill as a design auditing and remediation tool. The instructions include significant safety checks and confirmation loops for all write operations.
Audit Metadata