Figma to Streamlit Component
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (XSS) through its design-to-code workflow.
  - Ingestion points: Design specifications are ingested from external Figma files using the `figma` MCP server in `SKILL.md`.
  - Boundary markers: No explicit delimiters or boundary markers are defined for the fetched design data.
  - Capability inventory: Generated components use `st.markdown(..., unsafe_allow_html=True)` as seen in `ghl_real_estate_ai/streamlit_demo/components/primitives/lead_score_card.py` and various templates.
  - Sanitization: The logic lacks sanitization or escaping of the Figma-derived data before it is embedded in HTML strings.
- [COMMAND_EXECUTION]: The skill documents a "Self-Correction Verification Loop" in `SKILL.md` that involves the automated execution of generated code within a Playwright environment. This promotes the execution of AI-generated code, which is a potential security risk if the generation instructions are compromised.
Audit Metadata