figma-component-sync
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of external design data.\n- Ingestion points: Design metadata, layout structure, and text content are extracted from Figma URLs and node-ids via the Figma MCP tool (Step 3).\n- Boundary markers: The workflow lacks explicit delimiters or instructions to treat the extracted Figma content as untrusted data rather than agent instructions.\n- Capability inventory: The agent has the capability to write and modify React components (
.tsx), Storybook stories (.stories.tsx), and metadata files (figma-spec.json) in the local codebase.\n- Sanitization: No validation or sanitization of text layers or property values extracted from Figma is performed before they are interpolated into code generation prompts.
Audit Metadata