pencil-mcp-batch-design
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill definition and associated example files do not contain any malicious code, obfuscation, or unauthorized data access patterns.
- [PROMPT_INJECTION]: The skill uses explicit instructions to ensure the agent only invokes the Pencil design tool when the user's intent is clear. This is a safety best practice to prevent the model from misinterpreting general requests as specific tool commands.
- [DATA_EXFILTRATION]: No network operations, credential harvesting, or access to sensitive local files were identified. The tool operates solely on the provided design schema.
- [COMMAND_EXECUTION]: The skill does not execute shell commands or spawn subprocesses. It interacts with the platform via a defined MCP tool interface.
Audit Metadata