wds-6-asset-generation
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Model Context Protocol (MCP) to interact with design tools. It references specific tools like
mcp2_import-htmlto export generated designs to Figma. These operations are consistent with the skill's stated purpose of asset generation. - [EXTERNAL_DOWNLOADS]: The documentation instructs the user to install legitimate packages such as
@modelcontextprotocol/server-figmaand@wds/figma-mcp-server. These are part of the official setup for the intended toolchain and do not represent a supply chain risk. - [PROMPT_INJECTION]: The skill contains 'MANDATORY EXECUTION RULES' and 'Universal Rules' which act as benign internal constraints to ensure the agent adheres to the multi-step strategic workflow. These do not attempt to bypass LLM safety filters.
- [CREDENTIALS_UNSAFE]: The skill documentation discusses the use of API tokens for Figma integration but follows best practices by instructing users to use environment variables (e.g.,
FIGMA_PERSONAL_ACCESS_TOKEN) rather than hardcoding credentials.
Audit Metadata