pencil-uiux-design

SUSPICIOUS: The skill's capabilities are coherent for UI/UX design and its data flows appear local and proportionate, but it depends on Pencil MCP tooling that external evidence describes as private-source and not independently verifiable. There is no strong sign of credential theft or exfiltration in this skill itself; the main concern is supply-chain/install trust from the required closed-source MCP dependency.