lf-specs

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection surface via external design data. The skill fetches metadata, component names, and design annotations from user-provided Figma URLs using the mcp__plugin_figma_figma__get_design_context and mcp__plugin_figma_figma__get_metadata tools.
      • Ingestion points: Metadata and design context retrieved from Figma files are stored in internal variables and then written to briefing-tech.vN.md and specs.md (Step 4 and 5).
      • Boundary markers: The instructions do not define delimiters or specific 'ignore instructions' warnings when incorporating the externally fetched Figma content into the resulting technical documents.
      • Capability inventory: The skill possesses extensive file-system capabilities including Glob, Read, and the ability to write/overwrite files in the ai/specs/ directory.
      • Sanitization: There is no evidence of sanitization or filtering of the content retrieved from Figma before it is processed by the agent.
  • [COMMAND_EXECUTION]: Path Traversal and Glob Injection risk. The skill directly interpolates the $ARGUMENTS variable into a file search pattern: ai/specs/*$ARGUMENTS*/briefings/briefing-tech.v*.md (Step 1). If a user provides malicious input containing path traversal sequences (e.g., ../../), they could potentially influence the agent to list or read files outside the intended feature folder scope.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 24, 2026, 11:09 AM