pen-design
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill possesses a surface for indirect prompt injection as it reads existing .pen files and design guidelines that could theoretically contain malicious instructions. However, the operations are restricted to a structured design format.
- Ingestion points: Reading .pen files via
batch_getand orientation viaget_guidelinesandget_editor_state(SKILL.md, mcp-operations.md). - Boundary markers: None explicitly defined in the instructions.
- Capability inventory: File modification (
batch_design), file creation (open_document), and visual verification (get_screenshot) (mcp-operations.md). - Sanitization: Not defined within the skill instructions.
- [Metadata Analysis] (SAFE): All metadata fields in SKILL.md accurately describe the design-related functionality and do not contain deceptive patterns or injections.
Audit Metadata