pencil-design

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's behavior is entirely consistent with its stated purpose of UI design and code generation. It uses platform-specific design tools to manipulate and read .pen files.
  • [PROMPT_INJECTION]: An indirect prompt injection surface exists because the skill reads content from external design files (.pen) that may contain user-provided text or names.
      • Ingestion points: The skill uses tools like pencil_batch_get and pencil_get_variables in SKILL.md and references/design-system-components.md to ingest design data.
      • Boundary markers: There are no explicit instructions for the agent to use delimiters or ignore embedded instructions within the design data.
      • Capability inventory: The skill has access to modification tools (pencil_batch_design) and registry-related tools (shadcn_*) which could be misused if an injection is successful.
      • Sanitization: No evidence of sanitization or validation of input data from the design files was found.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 11:16 AM