figma-driven-nextjs
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a bash script (
scripts/install.sh) used for project setup and dependency management during the installation process. - Evidence: The script executes
npx create-next-app@latestandnpm installto prepare the development environment. - [EXTERNAL_DOWNLOADS]: The skill fetches templates and UI libraries from official package registries and established technology companies.
- Evidence: Downloads
motion,lucide-react, and@supabase/supabase-jsfrom the NPM registry. - Context: These are well-known libraries from trusted sources.
- [PROMPT_INJECTION]: The skill possesses a data ingestion surface that processes external design files, which could potentially contain malicious instructions.
- Ingestion points: Figma file links and MCP design data, as mentioned in the
SKILL.mdtriggering conditions. - Boundary markers: There are no explicit delimiters or specific instructions provided to the agent to ignore embedded commands within the design metadata or content.
- Capability inventory: The skill has the capability to write code files, generate project structures, and execute shell commands via its installation and configuration scripts.
- Sanitization: No explicit sanitization or validation mechanisms are implemented for the data retrieved from external Figma design sources.
Audit Metadata