design-screen
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements standard developer workflows for UI design and project onboarding. It leverages project-specific conventions and established tools (like the Figma MCP) while maintaining explicit constraints against harmful actions such as pushing code or making production changes.\n- [INDIRECT_PROMPT_INJECTION]: The skill ingests data from external Figma URLs, which serves as a potential vector for indirect prompt injection if design metadata is maliciously crafted.\n
- Ingestion points: Design context and component metadata retrieved via the Figma MCP tools (
SKILL.md,references/actions/spec.md).\n - Boundary markers: The skill processes data using strict specification templates, though it does not explicitly define sanitization routines for raw design strings.\n
- Capability inventory: The agent is granted permissions to write files within the project directory and execute shell commands for build and lint verification (
SKILL.md,references/actions/ship.md).\n - Sanitization: No specific filtering or validation steps for input data originating from Figma designs are detailed in the implementation steps.
Audit Metadata