pixel
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
NO_CODE, PROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill package contains only Markdown documentation and instructional references; no executable scripts, binaries, or source code are provided within the skill files themselves.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it instructs the agent to process data from external sources, specifically Figma design context and user prompts.
  - Ingestion points: Figma design data and visual references extracted via the get_design_context and get_screenshot MCP tools as described in SKILL.md.
  - Boundary markers: Absent; the instructions do not provide specific delimiters or ignore-behavior rules for the agent when interpreting instructions that might be embedded in the design metadata or descriptions.
  - Capability inventory: The agent is tasked with generating functional Vue 3 and Nuxt component code, which is a significant capability if the agent is influenced by malicious design data.
  - Sanitization: Absent; the skill lacks specific steps for validating or filtering content retrieved from the Figma API before it is used to generate code.