implement-design
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No attempts to bypass safety filters or override system instructions were found. The skill uses standard instructional language for a design-to-code workflow.
- [DATA_EXFILTRATION]: No sensitive file access or unauthorized data transmission detected. The skill interacts with the well-known figma.com domain and uses a local MCP server for asset retrieval, which is standard for this integration.
- [REMOTE_CODE_EXECUTION]: The skill does not perform remote code execution. Asset downloads are restricted to the Figma MCP server's built-in assets endpoint, and the skill explicitly forbids importing external icon packages.
- [INDIRECT_PROMPT_INJECTION]: The skill processes design data from external Figma URLs. While this creates a theoretical surface for instructions embedded in Figma text layers or metadata, the risk is minimal as the skill's capabilities are focused on UI generation and do not include high-risk system operations.
- Ingestion points: Data enters via get_design_context, get_metadata, and Figma URLs in SKILL.md.
- Boundary markers: None present; the skill does not explicitly instruct the agent to ignore instructions embedded within the Figma data.
- Capability inventory: No subprocess calls, file-write operations, or network-send capabilities are defined within the skill itself.
- Sanitization: No explicit sanitization or filtering of external content is mentioned.
- [EXTERNAL_DOWNLOADS]: Downloads are limited to visual assets (images/SVGs) provided by the official Figma service or the local MCP server on localhost, which are considered trusted sources.
Audit Metadata