pencil-to-code

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): Vulnerability to Indirect Prompt Injection (Category 8).
      • Ingestion points: The skill ingests untrusted data from external .pen files using the mcp__pencil__batch_get tool as defined in the workflow of SKILL.md.
      • Boundary markers: There are no boundary markers or 'ignore' instructions specified in the prompt logic to differentiate between design data and potential malicious instructions embedded in the design's text nodes.
      • Capability inventory: The skill allows the agent to generate and potentially write React component files (components/[ComponentName].tsx) and CSS files (app/globals.css), which represents a filesystem write capability that could be exploited.
      • Sanitization: The mapping rules in SKILL.md and references/node-mapping.md do not include any sanitization or validation logic to prevent the inclusion of executable scripts or injection payloads in the generated code.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 04:56 PM