figma-to-ai-prompter
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides installation instructions that involve cloning a repository from GitHub and running package installation via `npm install`. These are standard procedures for the developer utility described and originate from the author's own repository.
- [EXTERNAL_DOWNLOADS]: Communication with the Figma API (`api.figma.com`) is demonstrated to retrieve design structures. This targets a well-known technology service and is essential for the tool's core functionality.
- [CREDENTIALS_UNSAFE]: The provided code snippets illustrate how to use a `FIGMA_TOKEN` sourced from environment variables. This is a recognized secure practice for managing sensitive API credentials without hardcoding them.
- [DATA_EXFILTRATION]: The skill's primary function is to process Figma metadata and provide it as input for external AI tools. This data flow is intentional and necessary for the stated purpose of design-to-prompt conversion.
- [PROMPT_INJECTION]: The skill ingests external design data and interpolates it into prompts without explicit sanitization. While this establishes a surface for indirect prompt injection if a design file contains malicious text, it is an inherent characteristic of prompt generation tools and does not constitute a malicious implementation here.
Audit Metadata