figma-audit-accessibility
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Tags: PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests user-controlled component descriptions from the Figma environment and returns them to the agent context, creating a potential indirect prompt injection surface.
- Ingestion points: Component descriptions are read in scripts/audit-accessibility.js.
- Boundary markers: The data is provided to the agent in a standard JSON format without explicit delimiters or instructions to ignore instructions embedded in the description.
- Capability inventory: While this skill's scripts use the Figma Plugin API in a read-only manner, the agent possessing this data may have access to other tools with broader system capabilities.
- Sanitization: The description string is truncated to a maximum of 200 characters before being processed.
Audit Metadata