figma-context-mcp-cached

SUSPICIOUS: The skill's purpose and capabilities are broadly coherent for Figma access and caching, but trust is weakened because it installs a third-party MCP package from a different publisher identity and forwards a Figma API key into that external process. No clear exfiltration behavior is shown, so this is not confirmed malware, but it carries meaningful supply-chain and credential-handling risk.