figma-designer
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill inherits a potential for indirect prompt injection by ingesting data from external Figma files (e.g., frame names or component descriptions) which it then uses to generate PRDs and code.
- Ingestion points: Data is ingested via figma_get_file, figma_get_nodes, and figma_get_components in the Phase 1 workflow (SKILL.md).
- Boundary markers: There are no explicit delimiters used to separate untrusted Figma data from system instructions.
- Capability inventory: The skill possesses powerful capabilities including Bash, Write, Edit, and WebFetch (SKILL.md).
- Sanitization: No sanitization or validation logic is specified for the external design data before it is processed.
Audit Metadata