atomic-design
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGHPROMPT_INJECTIONNO_CODE
Full Analysis
- Indirect Prompt Injection (HIGH): The skill has a high-risk attack surface for processing malicious instructions embedded in design data.
- Ingestion points: Ingests external design metadata and code connect snippets via
figma.get_nodeandfigma.get_code_connect_map. - Boundary markers: Absent. The skill lacks instructions to delimit Figma content or warn the agent against following instructions found within it.
- Capability inventory: The agent is authorized to create and write
.tsxand.cssfiles in the project structure (e.g.,src/design-system/). - Sanitization: Absent. There are no guidelines or logic for escaping or validating the content retrieved from Figma before it is written to the filesystem.
- Ingestion points: Ingests external design metadata and code connect snippets via
- Prompt Injection (SAFE): The skill uses authoritative language to enforce design fidelity, but no malicious pattern for bypassing safety filters or overriding core instructions was found.
- Data Exposure (SAFE): No hardcoded credentials, API keys, or access to sensitive local file paths (like SSH or AWS configs) were detected.
- Dependencies & RCE (SAFE): The skill does not perform external downloads, remote script execution, or unverifiable package installations.
Recommendations
- AI detected serious security threats
Audit Metadata