pixel-perfect-ui
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill implements a high-privilege workflow where external content from Figma is used to generate React components.
- Ingestion points:
scripts/extract-component.pyprocessesdesign_dataintended to be fetched from the Figma API (referenced inreferences/checklist-template.mdviamcp0_get_design_context). - Boundary markers: None. The script uses direct string interpolation to place external design values into React templates.
- Capability inventory: The script performs file-write operations to save generated
.tsxor.jsxfiles to the local disk (scripts/extract-component.py). - Sanitization: Absent. There is no validation or escaping of the design data before it is written into the component code, allowing a malicious design source to inject arbitrary logic into the user's codebase.
- [Command Execution] (MEDIUM): The Python scripts perform significant filesystem operations, including directory creation and writing files that are intended to be part of an active application's source code. This represents a risk if the generation process is subverted.
- [External Downloads] (LOW): The
scripts/visual-compare.pyscript relies onnumpyandPillow(PIL). While these are standard libraries for image processing, they are external dependencies that are not included in the standard Python library.
Recommendations
- AI detected serious security threats
Audit Metadata