web-to-figma-chrome-extension

SUSPICIOUS. The skill’s core behavior mostly matches its webpage-to-Figma purpose, and it does not request credentials or route data through a clear attacker endpoint. Risk comes from weak publisher/install provenance plus broad <all_urls> access and full-page capture capability, which are somewhat disproportionate and privacy-sensitive for an extension guide.