The skill’s Figma-to-code purpose is plausible, but it gives unsafe instructions for collecting and storing a Figma access token and keeps local feedback data without enough safeguards.
Review this skill before installing. Use it only if you are comfortable granting Figma design access and local project access, and do not paste access tokens into chat or store real tokens in a repository .env file. Configure credentials through a secure local secret mechanism, ensure secret files are ignored by version control, and delete or sanitize any feedback logs that may contain proprietary code or design details.