design-to-code-bridge

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill retrieves design tokens and configuration from the official Timescale GitHub repository (github.com/timescale/timescale-website) to ensure code consistency. These are trusted vendor resources.
  • [PROMPT_INJECTION]: The skill demonstrates an inherent surface for indirect prompt injection (Category 8) by processing external Figma design data.
      1. Ingestion points: Design context is retrieved from Figma URLs via the get_design_context tool.
      2. Boundary markers: There are no explicit instructions to ignore embedded commands within the design metadata.
      3. Capability inventory: The skill can generate and modify source code and interact with deployment tools.
      4. Sanitization: The workflow includes a manual verification checklist in Step 6 to validate the generated code against project conventions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 13, 2026, 01:21 PM