figma-design
Warn
Audited by Socket on Mar 23, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS. The core purpose is coherent for a Figma extraction skill, and the official Figma MCP and direct REST API paths are proportionate. The main concern is the optional fallback to a third-party MCP that may receive the Figma API key, creating unnecessary credential-forwarding and supply-chain risk for a task that can be performed with official Figma tooling.
Confidence: 85%
Severity: 68%