vibefigma-figma-to-react

SUSPICIOUS: The skill’s purpose broadly matches its capabilities, but it relies on executing an external npm tool from a publisher not clearly tied to the skill author and forwards sensitive Figma credentials directly to that tool. Data flows are mostly proportionate to Figma-to-code conversion, yet install-trust and credential-forwarding risks make the overall skill medium-to-high risk rather than benign.