pencil-design
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill defines a set of best practices and rules for using the Pencil MCP tools. All identified patterns are consistent with the skill's stated purpose of UI design and code generation. External references and package recommendations (Tailwind CSS, shadcn/ui, Lucide) are well-known, trusted industry standards.
- [PROMPT_INJECTION]: While the skill ingests data from external .pen files, which is an attack surface for indirect prompt injection, this is inherent to its core functionality of design-to-code translation. The risk is minimized by the highly specific and structured nature of the Pencil MCP tool operations.
  - Ingestion points: Reads node properties, design tokens, and document structure from Pencil files via pencil_batch_get, pencil_get_variables, and pencil_get_editor_state (found in SKILL.md and references/design-system-components.md).
  - Boundary markers: Absent. No explicit instructions are provided to distinguish between document content and agent instructions.
  - Capability inventory: Uses tools to modify document state (pencil_batch_design, pencil_set_variables) and generates React/TypeScript code (found in references/design-to-code-workflow.md).
  - Sanitization: Absent. The skill does not provide instructions to escape or sanitize content read from design files before processing.
Audit Metadata