pencil
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill involves executing the 'pencil' CLI tool for local design operations. This includes subcommands for design manipulation, state management, and layout analysis. The tool also features programmatic interfaces via '--eval' and '--script' flags for automated tasks.
- [EXTERNAL_DOWNLOADS]: The 'guidelines' command is used to fetch design rules. This represents a retrieval of external content to support the design process and is a built-in feature of the tool.
- [PROMPT_INJECTION]: The skill processes .pen design files which serve as untrusted data ingestion points.
- Ingestion points: External data is read from .pen files using the 'pencil get', 'pencil state', and 'pencil layout' commands.
- Boundary markers: No delimiters or safety instructions are defined to separate design data from potential embedded commands.
- Capability inventory: The agent possesses the capability to modify files via 'pencil design' and execute JavaScript via 'pencil --eval'.
- Sanitization: No input validation or sanitization of the design file contents is mentioned in the skill instructions.
Audit Metadata