The Agent Skills Directory

[PROMPT_INJECTION]: The skill processes untrusted metadata (names and descriptions) from Figma files, which is a potential surface for indirect prompt injection.
Ingestion points: The script scripts/inventory.js extracts strings from Figma components and variables via the Plugin API.
Boundary markers: Absent; design content is returned as structured JSON but strings are not wrapped in delimiters.
Capability inventory: The script is limited to read-only access within the Figma Plugin environment and does not have network or file system capabilities.
Sanitization: No sanitization is applied to strings retrieved from the Figma file.
Context: This risk is inherent to the skill's primary purpose of design system auditing and is considered a baseline risk for data-processing tools.
[SAFE]: The skill logic is transparent and relies on the official Figma Plugin API. It does not use obfuscation, external dependencies, or persistence mechanisms.

design-system-inventory-figma