The Agent Skills Directory

[COMMAND_EXECUTION]: The skill instructs the agent to perform local system operations including directory creation (mkdir -p), writing binary files from base64 data (base64 -d), and installing software via pip3 install. These actions are necessary for managing evidence screenshots and Excel generation.
[REMOTE_CODE_EXECUTION]: Arbitrary JavaScript is executed within the Figma context using the figma_execute tool. This is used to programmatically traverse the Figma node tree, calculate bounding boxes for screenshots, and export UI components as PNG data.
[EXTERNAL_DOWNLOADS]: The skill depends on external packages including openpyxl from PyPI and the figma-console-mcp tool. These are documented as prerequisites for the skill's Excel and Figma integration capabilities.
[PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing untrusted text from Figma comments. Ingestion points: Comments are fetched using figma_get_comments. Boundary markers: None (comments are parsed based on 'Key: value' patterns). Capability inventory: File system writing, Python script execution, and JavaScript execution in Figma. Sanitization: None; the skill directly extracts and reformats comment text for the audit report.

figma-a11y-audit