figma-to-angular

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes data from external Figma URLs provided by users. This data is ingested via the get_design_context tool and used to generate component code.
  • Ingestion points: External Figma design data retrieved via get_design_context (Phase 1).
  • Boundary markers: The instructions state that the retrieved code should be treated as a 'structural reference only', but there are no explicit delimiters or instructions to ignore embedded prompts within the Figma metadata.
  • Capability inventory: The skill has capabilities to write files to the local file system (Phase 5) and interact with the browser via Playwright (Phase 6).
  • Sanitization: No specific sanitization or validation of the fetched Figma content is mentioned before it is used to generate code.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 01:04 PM