design-to-drupal-paragraph
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external design references such as Figma URLs and screenshots, which serves as a surface for indirect prompt injection where malicious content in the design could manipulate the agent's code generation logic.
  - Ingestion points: The skill ingests untrusted `design-source` data (URLs or local paths) into the agent's context for analysis in `SKILL.md`.
  - Boundary markers: Absent; no delimiters or instructions are used to isolate the design-derived data from the core system instructions.
  - Capability inventory: The skill uses the `Write` tool to create files and the `Task()` function to invoke other specialized agents.
  - Sanitization: Absent; there is no mention of validating or sanitizing the data extracted from design assets before it is used to generate code.
- [COMMAND_EXECUTION]: The skill generates Drupal configuration (YAML), Twig templates, and SCSS based on dynamic analysis. It also provides instructions for executing Drush and DDEV commands to install and configure the generated modules, which are intended for manual user execution in a local environment.
Audit Metadata