figma-arrange-component-set

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/arrange-component-set.js uses the Figma Plugin API to manage canvas elements. It clones component variants, removes the original component set, and constructs a new titled container with auto-layout frames and text labels. These operations are documented and necessary for the skill's functionality.
  • [INDIRECT_PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by ingesting and rendering variant property names.
    1. Ingestion points: Variant property names are parsed from variant.name in scripts/arrange-component-set.js.
    2. Boundary markers: Property values are interpolated directly into text labels without protective delimiters.
    3. Capability inventory: The script has permission to modify the Figma canvas, including creating and deleting nodes.
    4. Sanitization: There is no validation or sanitization of the variant property strings.
    Given the usage context in design documentation, the risk is minimal.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:56 AM
Security Audit — agent-trust-hub — figma-arrange-component-set