designlang-design-extract

SUSPICIOUS. The core website design-extraction purpose is plausible, but the skill expands trust in ways that are not fully proportionate: it forwards sensitive cookies/headers to third-party CLI code, processes arbitrary web content while writing project files, and instructs installation of another skill from a mismatched publisher. No confirmed exfiltration is shown, but the trust and data-flow model is risky.