ui-to-figma
Audited by Socket on Feb 22, 2026
1 alert found:
Security [Skill Scanner] Credential file access detected

All findings:
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] supply_chain: Installation of third-party script detected (SC006) [AITech 9.1.4]

This SKILL.md defines a plausible and useful automation for extracting design tokens, evaluating a UI with Playwright, applying design-consistent improvements, and exporting designs to Figma. It does not contain clear malicious code or obfuscation. The primary security concerns are operational: broad repository reads without exclusions, capture and potential upload of sensitive screenshots, and sending tokens/screenshots to an unspecified MCP server (possible exfiltration vector).

Mitigations: enforce explicit user consent before any uploads or repository writes, add denylist/exclusion rules (e.g., .env, secrets directories, node_modules, .git), require explicit configuration and verification of the MCP server endpoint and authentication (including TLS), implement redaction/scan of screenshots and generated tokens for secrets prior to upload, and mandate that code modifications go through a reviewable branch/PR workflow. With those safeguards, the workflow is reasonable to use.

LLM verification: No explicit malicious code or obfuscated backdoors are present in this SKILL.md fragment. The skill's declared capabilities match its instructions. However, there are supply-chain and data-exfiltration risks to consider: an unpinned 'pip install playwright' and subsequent browser binary downloads increase supply-chain attack surface, and the export step sends project artifacts and screenshots to a Figma MCP server whose endpoint and authentication model are unspecified — this could allow sensiti