pencil-renderer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill demonstrates a vulnerability surface for indirect prompt injection. 1. Ingestion points: DNA codes (layout, color, typography, etc.) and component metadata (name, dimensions) serve as entry points for untrusted data. 2. Boundary markers: None; the data is directly interpolated into property objects. 3. Capability inventory: The skill uses
mcp__pencil__batch_designwhich allows comprehensive modification of the design document andG()which triggers AI-based image generation. 4. Sanitization: There is no evidence of input validation or escaping before interpolation into the design operations. - [Dynamic Execution] (LOW): The skill utilizes a simple script generation pattern by assembling operation strings for the Pencil tool's DSL from predefined templates and user-provided DNA axis values.
Audit Metadata