create-design-system-rules
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch design data, screenshots, and image assets from the Figma MCP server. These operations are performed via standard tool calls to a trusted vendor (Figma) and are essential for the skill's functionality.
- [COMMAND_EXECUTION]: The skill requires calling the create_design_system_rules tool on the Figma MCP server to retrieve templates and foundational prompts. This is a standard and expected use of an MCP server.
- [PROMPT_INJECTION]: The skill uses instructional markers such as 'IMPORTANT:' and 'Required Flow (do not skip)' to guide the agent in generating high-quality rules. These do not attempt to bypass safety filters or override system-level constraints; rather, they serve as formatting and quality control instructions for the task at hand.
- [DATA_EXPOSURE]: The skill involves analyzing the local codebase (e.g., directory structures, styling files, and component organization) to tailor the generated rules. This is restricted to public project files (e.g., tailwind.config.js, src/components) and does not target sensitive user credentials or system secrets.
Audit Metadata