The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill's installation instructions include downloading and executing shell scripts from an untrusted domain via a piped bash command. This allows for arbitrary code execution on the user's host machine without verification.\n
Evidence: curl -sSL https://canifi.com/skills/figma/install.sh | bash in SKILL.md.\n
Evidence: curl -sSL https://canifi.com/install.sh | bash in SKILL.md.\n- [COMMAND_EXECUTION]: The skill relies on external shell commands and a third-party CLI tool for setup and credential management, which could be used to perform unauthorized actions during installation or runtime.\n- [CREDENTIALS_UNSAFE]: The setup process encourages users to store sensitive Figma login credentials (email and password) as environment variables using the canifi-env tool. This exposes sensitive information to any local process capable of reading the environment or the tool's configuration.\n
Evidence: Instructions for canifi-env set FIGMA_PASSWORD in SKILL.md.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from Figma files and user comments without sanitization or boundary markers.\n
Ingestion points: Figma design file frames, page content, and user comments mentioned in SKILL.md.\n
Boundary markers: None identified in the capability descriptions or interaction flow.\n
Capability inventory: Capabilities include viewing design history, navigating files, and exporting assets, which could be exploited if an attacker embeds instructions in a design file.\n
Sanitization: No evidence of input validation or content filtering for data retrieved from the Figma API/UI.

figma