ui-designer

No direct malicious code or backdoor is present in the provided skill description. The main security concerns are operational and supply-chain: (1) the unspecified general-purpose subagent that receives full images/text could leak sensitive data if it executes remotely — confirm its runtime and privacy guarantees before use; (2) commands that run npx/npm install are necessary for scaffolding but are supply-chain risk if executed automatically — require explicit user consent and pin package sources/versions. Recommend adding disclosure about where the Task tool runs, interactive confirmations before network installs or uploads, and explicit guidance on handling proprietary images/PII.