Penpot Uiux Design

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the official Penpot MCP server from the repository at github.com/penpot/penpot-mcp.git.
  • [COMMAND_EXECUTION]: The setup instructions guide the user to execute shell commands including git clone, npm install, and npm run bootstrap to prepare the local environment.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface (Category 8).
      • Ingestion points: The skill reads shape structures, text content, and component hierarchies from active Penpot design files using the mcp__penpot__execute_code tool.
      • Boundary markers: No specific delimiters or instructions to ignore instructions embedded in the design data are present.
      • Capability inventory: The skill has high capabilities within the Penpot environment, including creating, modifying, or deleting boards and shapes via arbitrary JavaScript execution.
      • Sanitization: There is no evidence of sanitization or validation of the data retrieved from the design file before it is interpreted by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 07:21 PM