figma-to-generateblocks
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWNO_CODEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill's core purpose is to ingest and process untrusted data from external sources provided by the user.
- Ingestion points: Figma URLs, exported CSS, design images, and brand guidelines described in
CLAUDE.md. - Boundary markers: None specified in the instructions to help the agent distinguish between design data and potential malicious instructions embedded in CSS or descriptions.
- Capability inventory: The skill itself has no active capabilities (no file-write or subprocess calls), but it influences the agent's code generation output for GenerateBlocks.
- Sanitization: No mention of sanitizing or escaping the content derived from the Figma assets before processing.
- [No Code Execution] (SAFE): The provided file is strictly informational markdown.
- Evidence: Analysis of
CLAUDE.mdshows no shell commands, script blocks, or package manager references. - [Metadata/Context Persistence] (INFO): The skill includes a
<claude-mem-context>block, indicating use of a 'claude-mem' tool. - Risk: While the skill itself is passive, the use of a persistent memory mechanism that stores untrusted design data could theoretically facilitate cross-session poisoning if the underlying memory tool lacks sanitization.
Audit Metadata