figma-implement-design

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external data from Figma designs via the get_design_context and get_screenshot tools. This creates a surface for indirect prompt injection where malicious instructions embedded in a design (e.g., in text layers or component names) could attempt to influence agent behavior.
      • Ingestion points: Figma design data retrieved via get_design_context tool calls.
      • Boundary markers: No explicit instruction delimiters or 'ignore embedded instructions' warnings are specified for the tool output.
      • Capability inventory: The skill allows file system operations (writing code for designs) and configuration modifications.
      • Sanitization: No explicit sanitization or filtering of design content is documented.
  • [DATA_EXFILTRATION]: The skill instructions guide the agent to assist users in modifying local configuration files such as ~/.config/kilo/kilo.json and project-level kilo.json files. These modifications are explicitly for setting up MCP server connections required for the skill's functionality.
  • [EXTERNAL_DOWNLOADS]: The agent configuration references a remote MCP server located at https://mcp.figma.com/mcp. This targets an official service from Figma, which is a well-known technology provider.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 23, 2026, 10:05 PM