pencil-mcp-set-variables
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is properly scoped to design tasks and includes proactive safeguards. It requires the agent to verify user intent specifically for the 'Pencil' tool, preventing misuse during unrelated tasks.
- [PROMPT_INJECTION]: Analysis of the instructions shows no attempts to override agent behavior, bypass safety protocols, or extract sensitive internal prompts.
- [DATA_EXPOSURE]: While the skill accepts file paths and variable data, these are standard inputs for the associated tool. No patterns of credential harvesting or sensitive file exfiltration were found.