figma-to-spirit

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill establishes a legitimate and safety-oriented developer workflow. It mandates the use of confirmed Figma data over visual guessing and requires the agent to document assumptions, which reduces the likelihood of errors.
  • [PROMPT_INJECTION]: The skill processes external design data from Figma via MCP tools (e.g., get_design_context, get_code_connect_map), constituting an indirect prompt injection surface. However, the risk is mitigated by instructions requiring strict adherence to CodeConnect snippets and layer properties. Capability inventory includes file system access for code generation, ReadLints for verification, and optional browser automation (Playwright/Puppeteer) for visual comparison. No explicit sanitization of external text content is mentioned, but the workflow includes mandatory verification steps and user guidance checkpoints.
  • [EXTERNAL_DOWNLOADS]: The skill references https://picsum.photos/ for placeholder images. This is a well-known and widely used placeholder-image service for developers and does not pose a security risk in this context.
  • [COMMAND_EXECUTION]: The instructions involve running ReadLints and potentially using browser automation frameworks like Playwright or Puppeteer for visual comparison of the implementation. These are standard industry tools used here for legitimate verification and quality control purposes.
Audit Metadata

Risk Level: SAFE
Analyzed: Mar 10, 2026, 09:42 PM