openspec-design
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is to update the openspec/AGENTS.md file to include a design asset workflow. This is a configuration management task consistent with its stated purpose and does not involve malicious intent.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection, since it ingests data from external Figma links and local file paths.
  - Ingestion points: user-provided Figma URLs (e.g., figma.com/design/...) and local image paths; design metadata (node names, descriptions) fetched from the Figma API via MCP tools.
  - Boundary markers: no delimiters or "ignore previous instructions" warnings are implemented to prevent the agent from obeying instructions that might be embedded in Figma design metadata.
  - Capability inventory: the agent uses call_mcp_tool for Figma API access, creates directories, writes files (design-map.md), and performs file copy operations.
  - Sanitization: no explicit sanitization or validation of the content retrieved from external design files is performed before it is interpolated into the generated design summary documentation.
Audit Metadata