figma-design-sync
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes
agent-browserCLI commands to perform web navigation, capture snapshots, and take screenshots for visual analysis.\n- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its core functionality of processing content from external URLs.\n - Ingestion points: Data is ingested from external web pages via
agent-browserand design specifications are pulled from Figma designs via an MCP.\n - Boundary markers: There are no explicit instructions or delimiters defined to separate untrusted external content from the agent's internal logic.\n
- Capability inventory: The skill is authorized to perform shell command execution and modify local source code files (e.g., CSS, ERB, Tailwind).\n
- Sanitization: No mechanism for sanitizing or filtering text content from the designs or websites is provided before it is processed by the model.
Audit Metadata