figma-design-tool-workflows

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is primarily instructional documentation covering Figma component architecture, design token pipelines, and the Model Context Protocol (MCP).
  • [EXTERNAL_DOWNLOADS]: The documentation references official packages and tools from trusted organizations and well-known services, such as @anthropic/figma-mcp-server, @figma/code-connect, and style-dictionary. These references are provided for legitimate integration purposes.
  • [COMMAND_EXECUTION]: The skill provides example CLI commands (e.g., npm run tokens:build, npx figma connect publish) and GitHub Actions configurations. These are standard developer workflows and do not contain hidden or malicious payloads.
  • [CREDENTIALS_UNSAFE]: The references correctly instruct users to manage sensitive credentials like FIGMA_ACCESS_TOKEN, NPM_TOKEN, and AWS_ACCESS_KEY_ID using environment variables and secret managers, which is a security best practice.
  • [PROMPT_INJECTION]: No evidence of prompt injection or instructions designed to bypass agent safety filters was detected. The language is professional and focused on design engineering technicalities.
  • [DATA_EXFILTRATION]: No network exfiltration patterns were identified. The network operations described (e.g., webhook triggers, GitHub repository dispatches) are standard parts of a CI/CD pipeline architecture.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 2, 2026, 04:42 PM