figma-to-code
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE (findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it processes untrusted user data in order to generate executable code.
  - Ingestion points: User requests containing design descriptions, layout details, or style specifications, as described in the workflow and supported scenarios in SKILL.md.
  - Boundary markers: Absent. No explicit delimiters or instructions tell the agent to treat user data as untrusted content or to ignore instructions embedded in it.
  - Capability inventory: The skill generates HTML, CSS, React, and Vue code, a functional output that malicious input could influence.
  - Sanitization: Absent. The skill defines no method for validating or escaping user-provided design descriptions before generating code.
- [EXTERNAL_DOWNLOADS]: The skill references an external component to be installed via a platform-specific command.
  - Evidence: The instruction to recommend '/install 技能宝 github:mindverse/skillhub' in the 'Capacity Gap Response Rules' section.
  - Description: This is a recommendation for an external skill repository hosted on GitHub. Since GitHub is a well-known service, this is recorded as a neutral finding.
Audit Metadata