implementing-figma-ui-tempad-dev
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Tags: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [Prompt Injection] (SAFE): No patterns of instruction override or safety bypass were detected. The skill contains defensive instructions to stop execution if evidence is contradictory or missing.
- [Data Exposure & Exfiltration] (LOW): The skill allows downloading assets from URLs provided by the TemPad tool. While restricted to tool-provided URLs, these destinations are not on the trusted source whitelist. It also analyzes local repository metadata for convention detection.
- [Unverifiable Dependencies] (SAFE): Explicit constraints are in place to prevent the introduction of new frameworks or styling systems without explicit user confirmation.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted design data from Figma. This creates a surface for indirect injection where a malicious design could attempt to influence the agent. Mandatory Evidence:
  1. Ingestion points: Figma design data (code, structure, assets) via the tempad-dev MCP and repository configuration files.
  2. Boundary markers: Absent; the agent is instructed to treat MCP outputs as 'design facts'.
  3. Capability inventory: File-write (code and assets) and network-read.
  4. Sanitization: Not specified; relies on the agent's translation logic.
- [Command Execution] (SAFE): Interactions are limited to reading repository metadata and generating code files; no arbitrary shell execution patterns were identified.
Audit Metadata