open-pencil-design-editor
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the
@open-pencil/cliand@open-pencil/mcppackages via the Bun package manager. It also references the@zed-industries/claude-agent-acpadapter for Claude Code integration. These downloads are directed at official package registries and repositories consistent with the product name. - [COMMAND_EXECUTION]: The skill documentation describes a CLI tool (
open-pencil) that performs operations on design files, such as structure inspection, XPath querying, and asset export. It includes anevalcommand designed to execute JavaScript against the Figma Plugin API for programmatic file modification. These commands are restricted to the context of the design files provided by the user. - [CREDENTIALS_UNSAFE]: The documentation references the use of environment variables for AI service providers (e.g.,
ANTHROPIC_API_KEY,OPENAI_API_KEY). It instructs the user to configure these keys via a local provider dropdown, which is a standard practice for local-first AI applications to maintain user privacy. - [PROMPT_INJECTION]: The skill has a data ingestion surface as it reads and parses content from native Figma (
.fig) files. - Ingestion points: Design data is read from external
.figfiles using CLI commands liketree,find, andquery(found in SKILL.md). - Boundary markers: There are no explicit instructions for the agent to use delimiters or ignore embedded instructions when reading text from design nodes.
- Capability inventory: The skill possesses the capability to write back to files (
-w), export assets, and execute scripts via an internalevalcommand. - Sanitization: No specific sanitization or filtering of the text extracted from design files is documented in the skill instructions.
Audit Metadata