pencil-mcp-search-all-unique-properties

BENIGN in purpose and data flow: the skill is narrowly scoped to Pencil design audits and does not collect credentials or route data to external services. However, it depends on a same-org Pencil MCP binary that is not publicly source-verifiable, so the overall security risk remains HIGH under the required unverifiable-binary rule.