design-to-code

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE] (HIGH): The skill instructions require users to provide their Figma Personal Access Token as a direct command-line argument. This is a dangerous practice because it exposes the secret in the shell's command history and to process monitoring tools.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill installs the 'coderio' package from the npm registry. This is not a recognized trusted source, and the package's behavior is opaque.
  • [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection.
      1. Ingestion points: Design data and component metadata are fetched from the Figma API via coderio-skill.mjs.
      2. Boundary markers: None are present; the skill lacks delimiters or 'ignore' instructions when processing design data.
      3. Capability inventory: The skill can write arbitrary React code to the file system and scaffold new project files.
      4. Sanitization: No sanitization is performed on text content from the design, which is used to name components and generate logic.
  • [COMMAND_EXECUTION] (MEDIUM): The workflow relies on a local helper script (coderio-skill.mjs) to execute file system writes and generate prompts based on external inputs.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 09:18 AM