Skills
skills/nvillapiano/component-contracts-figma/cc-figma-component/Gen Agent Trust Hub

cc-figma-component

Warn

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill explicitly instructs the agent to use 'new Function(code)()' to execute dynamically generated or chunked JavaScript code within the Figma plugin sandbox environment, as detailed in Section 8 (Known Constraints).
  • [COMMAND_EXECUTION]: The cleanup procedure in Phase 7 utilizes shell commands like 'npx rimraf' and 'rm -f' to delete generated script files and temporary directories.
  • [EXTERNAL_DOWNLOADS]: The skill invokes 'npx rimraf' during the cleanup phase, which may result in downloading the 'rimraf' package from the public npm registry if it is not locally available.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from component contract JSON files and incorporates that data into generated Figma components and scripts. \n
  • Ingestion points: Contract files read from the CONTRACTS_DIR during Phase 0 discovery. \n
  • Boundary markers: Absent; there are no specified delimiters or 'ignore' instructions for the contract content. \n
  • Capability inventory: The skill can interact with the Figma API via 'use_figma', generate/execute code, and perform file system operations. \n
  • Sanitization: Absent; the instructions do not define validation or escaping for contract field values before they are used in code generation.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 25, 2026, 03:15 AM