figma-design-generate
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the `Bash(*)` tool to allow the agent to start and manage local development servers. This provides the agent with unrestricted shell access to the host environment, which is a high-privilege capability intended for setting up the UI state before capture.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it ingests and processes content from external web applications (both local and production) during the UI capture process.
  - Ingestion points: The skill captures UI data from arbitrary web pages via browser-based tools.
  - Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from obeying malicious instructions embedded within the captured UI text or metadata.
  - Capability inventory: The skill possesses high-impact capabilities including broad shell access (`Bash(*)`) and file system access (`Write`).
  - Sanitization: The instructions do not specify any sanitization or validation of the content retrieved from external sites before it is processed or used to influence subsequent agent actions.
Audit Metadata