figma-augment-parallel
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The `use_figma` tool enables the execution of JavaScript directly against the Figma Plugin API to perform write operations. While intended for creating and modifying design elements, this provides a mechanism for dynamic code execution based on agent-generated or design-derived content.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes external data from Figma frames and tokens that may be controlled by third parties.
  - Ingestion points: Untrusted design data is ingested from Figma via the `get_design_context`, `get_variable_defs`, and `get_code_connect_data` tools.
  - Boundary markers: The instructions do not specify any boundary markers or instructions for the agent to ignore or isolate commands embedded within Figma metadata or node names.
  - Capability inventory: The agent has access to `use_figma` (JS execution), `generate_figma_design` (remote network writes), and standard file system operations for implementation.
  - Sanitization: There are no requirements or steps provided to sanitize or validate the design context before it is used to influence code implementation or write-back operations.
- [EXTERNAL_DOWNLOADS]: The skill documentation references an external 'alpha plugin zip' as a necessary dependency for enabling the `figma-use` capability, which constitutes a reference to an unverified external resource.
Audit Metadata