pencil-mcp

SUSPICIOUS: the skill’s purpose is mostly coherent with its capabilities, and data flows appear to match official Pencil/Claude behavior. The main concern is install/execution trust: Pencil MCP is a closed, locally running dependency that is not publicly auditable, which makes the skill higher risk than a normal documentation-only design guide. Secondary risk comes from processing arbitrary workspace content while also writing files, creating prompt-injection exposure during design-to-code and code-to-design tasks.