Skills
skills/teachingai/full-stack-skills/pencil-mcp-batch-get/Gen Agent Trust Hub

pencil-mcp-batch-get

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill is a standard utility for interacting with the Pencil design platform. The instructions and examples provided align with its stated purpose of node searching and property inspection without any indications of malicious intent.
  • [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection because it reads node names and properties from external design files via the 'filePath' parameter.
  • Ingestion points: 'filePath' parameter in the tool call and node content read from the design file.
  • Boundary markers: None present in the skill instructions.
  • Capability inventory: Reading node hierarchy, names, and visual properties using the 'batch_get' tool.
  • Sanitization: No sanitization or validation of the retrieved node content is specified.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 6, 2026, 10:48 AM