pencil-to-code

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
  • [Indirect Prompt Injection] (MEDIUM): The skill is susceptible to indirect prompt injection because it processes external design data to generate code output.
      • Ingestion points: The mcp__pencil__batch_get and mcp__pencil__get_variables functions in SKILL.md ingest data directly from external .pen files.
      • Boundary markers: There are no boundary markers or instructions to the agent to disregard natural language instructions found within the design file's text fields.
      • Capability inventory: The skill possesses the capability to read file structures, resolve variables, and generate executable React/Tailwind code. While the skill itself does not write files, its output is intended to be used by the agent to modify the local filesystem.
      • Sanitization: No sanitization or validation of the text content extracted from the .pen files is performed before it is used in code generation.
  • [Data Exposure] (LOW): The skill requires a file path as input to read design data. While standard for this utility, it lacks path validation, which could be exploited if an attacker can influence the filePath parameter to access unintended sensitive files.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 12:34 PM