pixel-perfect-ui

No clear code-level malware is present in this instruction file. The skill's capabilities align with its purpose (Figma -> component implementation + visual validation). However there are significant operational security concerns: mandatory auto-triggering without per-action consent, unspecified MCP server endpoints (potential third-party proxies), and execution of local scripts that are not included for review. These factors create a moderate supply-chain/data-exfiltration risk unless MCP services and scripts are audited and run under least privilege. Recommendation: treat as SUSPICIOUS until MCP endpoints and all referenced scripts are verified and user confirmation/consent and credential handling are tightened.