The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes a bundled script located at ~/.claude/skills/fe-design-diff/vrt.mjs using the node runtime. Several arguments for this command, including --story-url and --viewport, are derived from external Figma metadata. While the skill hyphenates the storyId and rounds viewport dimensions, improper sanitization of other Figma fields (like node IDs) could theoretically be exploited if the agent executes the command via a shell.
[PROMPT_INJECTION]: Indirect injection surface exists because the skill ingests component names and properties from the Figma API to generate source code. Maliciously crafted Figma component names or variant values could attempt to influence the generated code's logic or the agent's reasoning.
Ingestion points: Figma node metadata and properties (via REST API or MCP).
Boundary markers: The skill explicitly labels Figma content as untrusted in the documentation, though it does not specify technical delimiters for prompt interpolation.
Capability inventory: File writing (React components, Storybook stories), shell execution (node vrt.mjs), and network access (Figma REST API).
Sanitization: Component IDs are hyphenated/lowercased for URL generation, and bounding box values are cast to integers.
[EXTERNAL_DOWNLOADS]: The skill relies on external Node.js dependencies including sharp, playwright, pixelmatch, and pngjs. It follows security best practices by checking for their presence and alerting the user rather than performing automated, silent installations.

fe-design-code