design-compare

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes a shell script (scripts/export-figma-node.sh) to interact with the Figma API. The script includes robust validation for FILE_KEY (alphanumeric, hyphens, underscores) and NODE_ID (digits, colons, hyphens) to prevent shell injection vulnerabilities. It also uses python3 for safe JSON parsing of API responses.
  • [EXTERNAL_DOWNLOADS]: Downloads images from the official Figma API (api.figma.com). This is a legitimate integration with a well-known service initiated by user requests. The script also validates that the final output path is relative and does not contain path traversal sequences (..).
  • [DATA_EXFILTRATION]: Authenticates with Figma using a user-provided FIGMA_ACCESS_TOKEN. The skill follows standard security protocols by advising users to store this sensitive token in a .env file and to ensure it is ignored by version control systems.
  • [SAFE]: No obfuscation, persistence mechanisms, or unauthorized privilege escalation patterns were detected across the skill's instructions, scripts, or assets.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 27, 2026, 02:19 PM