cc-figma-component

Warn

Audited by Socket on Mar 25, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS. The skill’s core behavior is largely coherent for Figma component generation and mainly targets official Figma APIs, but risk is elevated by transitive prerequisite skills, raw credential-file access, unpinned `npx rimraf` execution, and optional dynamic code execution guidance. This is not confirmed malicious and shows no clear third-party exfiltration path in the provided text, but it exceeds low-risk benign documentation/automation patterns.

Confidence: 84%
Severity: 58%

Audit Metadata

Analyzed At: Mar 25, 2026, 03:15 AM
Package URL: pkg:socket/skills-sh/nvillapiano%2Fcomponent-contracts-figma%2Fcc-figma-component%2F@5d33fba9eec7c0b6e5f4127f96c156c9b358f0af