pencil-mcp-get-variables
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface due to the lack of sanitization when processing external data. Ingestion points: The
get_variablestool reads content from a.penfile specified by thefilePathparameter in SKILL.md. Boundary markers: The instructions do not define delimiters or specific isolation markers for the data retrieved from the file. Capability inventory: The skill is configured to use theget_variablestool; no other capabilities such as network operations or shell execution are present in the skill files. Sanitization: There are no instructions for the agent to sanitize or validate the design token data before it is incorporated into the conversation context.
Audit Metadata