generating-components
Audited by Socket on Feb 17, 2026
1 alert found:
Security [Skill Scanner]: Credential file access detected
BENIGN: The skill is coherently designed to generate UI components using established design systems and validation steps. It specifies appropriate dependencies, a clear data flow from user intent to generated code, and avoids requesting sensitive credentials or performing unsafe operations. No malicious behavior or credential harvesting is evident in the provided fragment.
LLM verification: The skill's functionality (automated UI generation) is legitimate, but its mandatory model of scanning the repository and sending 'existingCode' and configuration context to opaque external AI services (Gemini MCP and 21st.dev) creates a meaningful risk of accidental exfiltration of secrets or proprietary code. There is no explicit malicious code in the fragment, but the operational design is risky for supply-chain security. Recommend immediate changes before adoption: enforce file-level denylis