figma-design-to-code
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted design evidence (markup, styles, tokens) from the TemPad Dev MCP (
tempad-dev:get_code), creating an attack surface for indirect prompt injection. Maliciously crafted Figma designs could contain instructions intended to override agent behavior during code generation. - Ingestion points: Output from
tempad-dev:get_codeand local project files (e.g.,AGENTS.md). - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are specified for the ingested data.
- Capability inventory: The skill can write UI code to the project and download asset files from external URLs.
- Sanitization: No explicit sanitization of fetched design data is mentioned before its use in the implementation process.
- [EXTERNAL_DOWNLOADS]: The skill is configured to download asset bytes from URLs provided by the vendor's TemPad Dev MCP (
asset.url). While the instructions restrict downloads to these URLs and advise against using public internet assets, the skill relies on the integrity of the vendor's asset server.
Audit Metadata