figma-to-design-init
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs 'playwright' and 'pixelmatch' globally via npm. These are well-known, industry-standard tools for visual regression testing and are appropriate for the skill's stated purpose of visual verification.
- [COMMAND_EXECUTION]: Utilizes Bash tools (Grep, Glob, and shell commands) to perform project-wide searches for styling patterns, API configurations, and component exports.
- [DATA_EXFILTRATION]: While the skill analyzes 'package.json' and API utility files for patterns like error handling and loading states, it is designed to record metadata about the architecture (e.g., 'toast' or 'react-query-isLoading') rather than extracting actual secrets or API keys. No network exfiltration patterns were detected.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes untrusted external data (CSS files, component source code, and Figma variables).
  - Ingestion points: Reads component files, package.json, and CSS files during project scanning.
  - Boundary markers: None present; the skill treats codebase content as structured data for extraction.
  - Capability inventory: Uses Bash for scanning and Write/Edit to generate the '.claude/design-tokens/design-tokens.json' file.
  - Sanitization: No explicit sanitization of codebase content is mentioned before it is processed for token extraction.
Audit Metadata