design-to-code
Warn
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on several shell commands for environment setup and script execution, including directory creation and dependency installation via pnpm.
- [EXTERNAL_DOWNLOADS]: The configuration in scripts/package.json uses the 'latest' tag for the 'coderio' dependency, which results in the automatic download and execution of the newest version of an external package from a non-trusted source during the setup phase.
- [CREDENTIALS_UNSAFE]: The documentation instructs users to provide their Figma Personal Access Token as a plaintext command-line argument to the fetch-figma command, potentially exposing it in shell history or process listings.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its handling of external Figma data.
  - Ingestion points: Document metadata and text content are retrieved from the Figma API by the scripts/coderio-skill.mjs script.
  - Boundary markers: The prompt generation logic does not utilize delimiters or specific instructions to isolate or ignore potentially malicious content within the fetched design data.
  - Capability inventory: The skill possesses the capability to write files to the local filesystem (e.g., src/ and scripts/ directories) using the save-code function.
  - Sanitization: There is no evidence of sanitization or validation of the data extracted from the Figma document before it is interpolated into LLM prompts.