figma-implement-design
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Prompt Injection] (LOW): Detected a surface for Indirect Prompt Injection (Category 8).
- Ingestion points: Untrusted design data enters the agent context via the Figma MCP server URL defined in
agents/openai.yaml. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the
default_prompt. - Capability inventory: The skill is designed to implement code directly into the local codebase, which involves file-write capabilities.
- Sanitization: No sanitization, escaping, or validation of the design content is implemented in the provided configuration.
Audit Metadata