figma-use
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill serves as a comprehensive developer reference for the Figma Plugin API, offering boilerplate code and safety guidelines (e.g., Rule 14 on error recovery and Rule 17 on awaiting Promises). All code snippets are consistent with standard Figma development practices.
- [SAFE]: No hardcoded credentials, sensitive file access, or unauthorized network operations were detected. The skill utilizes Figma's official API for internal resource management.
- [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by instructing the agent to ingest and process node names, descriptions, and other metadata from Figma files.
  - Ingestion points: Untrusted data enters the agent context via node.query(), findAll(), and property reads (e.g., node.name), as documented in references/component-patterns.md and references/common-patterns.md.
  - Boundary markers: The instructions do not define delimiters or provide specific warnings to ignore instructions that might be embedded in the node data.
  - Capability inventory: The skill uses the use_figma tool, which has the capability to write to the Figma canvas and modify document structures.
  - Sanitization: No logic is provided to sanitize or validate strings retrieved from Figma nodes before processing.
Audit Metadata