The Agent Skills Directory

[PROMPT_INJECTION]: The skill processes untrusted data from local brand identity files and potentially external Figma URLs, creating a surface for indirect prompt injection. * Ingestion points: Reads .moai/project/brand/visual-identity.md and accepts public Figma file URLs. * Boundary markers: The skill checks for _TBD_ completion markers but lacks explicit boundary delimiters or 'ignore' instructions for the data being processed. * Capability inventory: Uses Read, Write, Edit, Grep, and Glob tools to manage project files and output design configurations. * Sanitization: Includes visual patterns detection (AI slop detection) but does not verify the content of ingested text for malicious instructions.
[EXTERNAL_DOWNLOADS]: Supports optional extraction of design tokens from Figma's platform when a public URL is provided in the project configuration.
[SAFE]: Accesses local project configuration files and identity documents within the .moai/ directory to extract brand specifications, which is consistent with its stated purpose.

moai-domain-brand-design