figma-generate-design

Verdict: Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE

Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the use_figma tool to execute JavaScript within the Figma environment. This is the core, intended functionality of Figma-based agents and is used here to automate design construction following vendor-provided patterns.
  • [EXTERNAL_DOWNLOADS]: The skill references Figma design URLs (on figma.com) to resolve design-system components. Because these are the vendor's official domains and the references are essential to the skill's purpose, they are considered safe. The finding covers the domains referenced, not the contents of any individual design file.
  • [DATA_EXFILTRATION]: No patterns of unauthorized data exfiltration were detected. The skill reads local source code only to locate Code Connect files for component mapping, which is a documented and standard design-to-code workflow.
  • [PROMPT_INJECTION]: The instructions contain no attempts to bypass safety guardrails or subvert the AI's core programming. The 'Hard gates' and 'MANDATORY' directives are internal workflow constraints intended to ensure task accuracy and consistency, not overrides of the model's safety behaviour.
  • [DYNAMIC_EXECUTION]: The skill generates and executes JavaScript snippets via use_figma, but these scripts are assembled from data obtained through authorized Figma APIs (such as node IDs and component keys) to perform layout and styling operations. This behaviour is consistent with the skill's primary function and follows the vendor's prescribed automation model.
Audit Metadata
Risk Level: SAFE
Analyzed: May 14, 2026, 12:55 AM