figma-design-sync
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill analyzes external website content, creating a surface for potential indirect prompt injection where an attacker could embed instructions in a target webpage.
- Ingestion points: Untrusted data enters the agent context via
agent-browser open [url]and subsequent screenshots or snapshots as described in SKILL.md. - Boundary markers: Absent; there are no explicit delimiters or instructions provided to the agent to ignore or isolate content found on the target implementation page.
- Capability inventory: The skill possesses the capability to modify local source code (CSS/Tailwind) and execute browser CLI commands.
- Sanitization: Absent; external content retrieved from the implementation URL is processed and analyzed without sanitization or validation logic.
- Command Execution (SAFE): The use of
agent-browserfor visual capture and snapshotting is consistent with the skill's primary purpose and does not demonstrate malicious patterns.
Audit Metadata