figma-to-ai-prompter

SUSPICIOUS. The core capability is coherent with the stated Figma-to-prompt purpose and official Figma API use is appropriate, but install trust is weakened by a publisher/source mismatch: the skill is branded as ara.so while the code source is a personal GitHub repo with limited release provenance and an inconsistent npm install step. No direct credential harvesting or third-party credential proxying is shown, so this is not confirmed malicious, but it carries medium supply-chain risk.