pencil-mcp-batch-get
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No malicious override or bypass instructions were found. The skill includes explicit instructions to verify user intent and only execute when the user specifically mentions 'Pencil'.
- [DATA_EXFILTRATION]: No unauthorized network operations or hardcoded credentials were detected. The skill interacts with design data within the defined MCP environment.
- [COMMAND_EXECUTION]: No shell commands, subprocess calls, or arbitrary code execution patterns are present in the skill or its examples.
- [REMOTE_CODE_EXECUTION]: No external script downloads or package installations are performed.
- [SAFE]: The skill defines a constrained interface for data retrieval with clear guidelines for the agent on when usage is appropriate.
Audit Metadata