figma

SUSPICIOUS: the skill’s purpose matches Figma management, and the CLI source is plausibly official, but the actual data flow is through Membrane as a third-party proxy/auth broker rather than directly to Figma. That makes the capability coherent yet higher risk than a direct Figma integration, especially because credentials are managed server-side by the intermediary and the CLI is installed globally from a mutable latest package.