pencil-import-workflow

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a shell command, node scripts/check-app-ready.mjs /prototypes/<name>, in Step 5. The <name> parameter is dynamically derived from Pencil frame names, which are external data. This could allow command argument manipulation if the source design files contain shell-sensitive characters in frame titles.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data (frame names, content, and dimensions) from the Pencil application to generate code and documentation.
      • Ingestion points: Data enters the context via the mcp__pencil__get_editor_state and mcp__pencil__batch_get tools.
      • Boundary markers: None are defined in the instructions to separate external design data from the agent's instructions.
      • Capability inventory: The skill has the capability to write files (src/prototypes/) and execute shell commands (node scripts/...).
      • Sanitization: There is no mention of validation, escaping, or sanitization of the data retrieved from the design tool before it is used to construct files or shell commands.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 1, 2026, 03:56 PM