pencil-mcp-snapshot-layout
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The analysis of the skill content and the associated MCP tool reference did not reveal any malicious patterns, obfuscation, or unauthorized data access.
- [PROMPT_INJECTION]: The skill uses strong language like 'CRITICAL' to enforce intent verification. This is a defensive prompt design aimed at preventing the agent from misinterpreting user requests, which enhances safety rather than bypassing it.
- [DATA_EXPOSURE]: The tool accepts an optional
filePathparameter to specify which.penfile to analyze. This is a functional requirement for the design tool and does not indicate an attempt to access sensitive system files or credentials. - [INDIRECT_PROMPT_INJECTION]: Since the skill processes layout snapshots from external design files, there is a theoretical surface for indirect instructions. However, the skill's focus on structural hierarchy and bounds checking, combined with its restrictive intent recognition instructions, minimizes this risk.
Audit Metadata