None of the coordinators support anti-exfil so in part it's a chicken and egg problem, but hoping deterministic signature validation is incorporated into the psbt standard, that would be the best ux solution, rather than a second round of QR code exchange. Validating and deploying authentic software takes less than a minute, and we've always been about long term saving with bitcoin with relatively few spends, so card swap attack risk seems overblown when validating software is so fast and simple. With great power comes great responsibility, for those who are willing to assume the responsibility. Also, take a closer look at those emphasizing these issues and their motivations; it speaks to conflicts of interest that you've spoken about.

I can’t find any specs for it so it seems to be vendor proprietary for now. It would need to become a part of PSBTs somehow with SeedSigner’s model.