figma-to-html

SUSPICIOUS. The skill’s stated Figma export purpose is plausible, but its core conversion path forwards the user’s Figma token and design-derived data to an undocumented third-party/internal Baidu service over plain HTTP. Official Figma API usage is consistent, yet the non-Figma credential/data routing and lack of TLS make the overall footprint disproportionate and high risk.