figma-generate-library
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [Trusted Vendor Resource]: This skill is authored by OpenAI and serves a legitimate utility for design system orchestration. All included scripts and reference materials are focused on standard Figma Plugin API operations.
- [Human-in-the-loop Mitigations]: The skill strictly enforces a multi-phase workflow (Discovery, Foundations, Structure, Components, Integration). Every transition between phases, especially after initial codebase discovery, requires an explicit user checkpoint. This architecture prevents autonomous or unintended modifications to the design library based on codebase content.
- [Standard API Usage]: The included JavaScript scripts (bindVariablesToComponent.js, createSemanticTokens.js, etc.) utilize standard Figma API methods for variable binding and node creation. No obfuscation, dynamic remote code execution, or unauthorized network operations were detected.
- [Data Handling]: While the skill analyzes local codebase files to extract tokens and component definitions (Phase 0), this data is used to propose a plan to the user rather than being executed directly. This approach successfully addresses potential indirect prompt injection concerns by maintaining human oversight of the data ingestion process.
- [Persistence and Privileges]: The skill does not attempt to gain elevated privileges or establish persistence on the host system. It operates entirely within the scope of the agent's Figma tool integration.
Audit Metadata