apply-design-system
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the use_figma tool to execute JavaScript snippets for querying and modifying Figma documents. This is a primary function of the skill but involves running code in the Figma plugin environment.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) due to its reliance on external data from Figma designs.
  - Ingestion points: Metadata, component names, and property keys are retrieved using get_metadata and use_figma from the target Figma file (SKILL.md).
  - Boundary markers: The instructions lack delimiters or constraints to prevent the agent from following instructions potentially embedded in design components or text layers.
  - Capability inventory: The skill can perform complex modifications to Figma files, including importing components and swapping instances via use_figma and importComponentByKeyAsync (SKILL.md).
  - Sanitization: No input validation or sanitization is performed on the data retrieved from the design system or target frame before it is used to drive the workflow logic.