sunnyside-figma-context-mcp

SUSPICIOUS. The functional scope mostly matches the stated Figma design-to-code purpose, and the documented credential/data flows are largely proportionate and local/Figma-directed. The main concern is install trust: the recommended source is an unverifiable personal GitHub repo with inconsistent publisher identity and weak release provenance, so the skill carries elevated supply-chain risk even without clear evidence of malicious exfiltration.