paper-design
Fail
Audited by Socket on Mar 21, 2026
1 alert found:
Obfuscated File (severity: HIGH): references/workflow-patterns.md
The document is a specification for automating design→code sync between Paper and a codebase using a watcher that polls MCP and an external LLM (claude -p). It does not contain explicit malicious code, but it prescribes patterns that create significant supply-chain and data-exfiltration risk: invoking an external LLM with combined design+project context and writing outputs directly to the repository without human review or robust validation. Treat this as a security warning: implement strict authentication, sandboxing, output validation, human review gates, and CI signing before accepting generated changes into source control.
Confidence: 98%
Audit Metadata