figma-to-design-build

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute npx playwright screenshot and the pixelmatch CLI. These commands are used to capture screenshots of the generated UI and compare them against the original design for visual regression testing.
  • [EXTERNAL_DOWNLOADS]: The instructions include logic to install the pixelmatch npm package globally if it is missing, as well as installing specific frontend libraries (e.g., Radix UI, Lucide icons, Recharts) depending on the requirements identified in the Figma design.
  • [DATA_EXPOSURE]: The skill reads project metadata, such as package.json and local configuration files in .claude/design-tokens/, to align the generated code with the existing design system and library preferences. This is standard behavior for a design-to-code automation tool.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external content from Figma URLs provided by the user. While this represents an attack surface where an attacker could place instructions within a Figma design to influence code generation, the risk is mitigated by the skill's structured intake process and the requirement for user confirmation before writing files.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 8, 2026, 09:11 AM