pencil-to-code

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes content from external .pen design files and interpolates it directly into generated React/TypeScript code. This creates a surface for indirect prompt injection where malicious instructions embedded in design labels or text could influence the agent's output or the resulting application.
  • Ingestion points: Design data is ingested in SKILL.md using the mcp__pencil__batch_get and mcp__pencil__get_variables tools to read local .pen files.
  • Boundary markers: There are no boundary markers or instructions to ignore embedded commands when processing content from the design nodes.
  • Capability inventory: The skill generates executable React/TypeScript code and Tailwind configurations which are presented to the user or downstream processes.
  • Sanitization: There is no evidence of escaping or validation of the text content retrieved from the design file before it is placed into code templates.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 04:04 PM