figma-to-jira

Fail

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using bash and python3 -c to decode base64 screenshot data and manage temporary files in the /tmp directory. Specifically, it uses shell piping and string interpolation to create and then delete image files.
  • [REMOTE_CODE_EXECUTION]: The skill dynamically assembles executable Python code and shell commands using data (specifically nodeId and base64 content) fetched from the external Figma API. Because these strings are interpolated directly into command templates, this creates a vector for code execution if the external data source is compromised or contains malicious content.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted content from Figma that influences subsequent high-privilege actions like command execution and Jira ticket creation.
      • Ingestion points: Data enters the system via the figma MCP server's get_metadata, get_design_context, and get_screenshot tools.
      • Boundary markers: Absent. The skill provides no instructions to treat Figma data as untrusted or to use delimiters to prevent instructions within the design from being interpreted by the agent.
      • Capability inventory: The skill has the ability to execute shell commands, run Python scripts, write/delete local files, and create/update issues in Jira.
      • Sanitization: Absent. There are no instructions or logic provided to sanitize the NODE_ID or base64 data before they are passed into shell and Python environments.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 28, 2026, 11:08 AM