pencil
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from external sources and possesses capabilities to modify files.
  - Ingestion points: Tools such as batch_get, get_variables, and snapshot_layout read content from .pen design files (SKILL.md).
  - Boundary markers: The instructions do not define explicit delimiters or warnings to ignore embedded instructions within the design data.
  - Capability inventory: The skill can perform file modifications via batch_design, set_variables, and open_document (SKILL.md).
  - Sanitization: There is no evidence of sanitization or validation of the content retrieved from design files before it is processed by the agent.
- [COMMAND_EXECUTION]: The 'MCP Server Configuration (Reference)' section contains a hardcoded absolute path to a local executable: /Users/wandl/.trae/extensions/highagency.pencildev-0.6.15-universal/out/mcp-server-darwin-arm64. This is environment-specific information that should be generalized for portability and security.
Audit Metadata