Skills
skills/coltonbatts/vcr/vcr-figma-workflow/Gen Agent Trust Hub

vcr-figma-workflow

Warn

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill requires the agent to run cargo build to compile binaries (vcr, figma-vcr-workflow) and then execute them from the local path. This dynamic execution of generated binaries is a security risk if the source code's provenance is not verified.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests untrusted data from Figma designs and external prompt contexts to generate VCR artifacts.
  • Ingestion points: Figma design data and user-provided prompt context via the figma-vcr-workflow binary.
  • Boundary markers: Absent; no specific delimiters are mentioned to separate instructions from design data.
  • Capability inventory: Compilation (cargo build), file system writes (-o renders/...), and binary execution.
  • Sanitization: Absent; the workflow relies on the vcr check command for validation after generation rather than sanitizing inputs before processing.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 21, 2026, 08:34 PM