pencil
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes external
.pendesign files, creating a potential surface for indirect prompt injection if those files contain malicious instructions. - Ingestion points: Data is ingested from local files via tools such as
batch_get,get_editor_state, andget_variables(File: SKILL.md). - Boundary markers: No explicit delimiters or instructions are provided to the agent to differentiate between design data and potential embedded commands.
- Capability inventory: The skill can execute design scripts (
batch_design), modify file variables (set_variables), and capture visual output (get_screenshot) (File: SKILL.md). - Sanitization: The skill does not describe any validation or sanitization of the content retrieved from the design files before it is processed by the agent.
- [COMMAND_EXECUTION]: The
batch_designtool uses a domain-specific language (DSL) described as 'operation scripts' to perform design changes. While this involves interpreting a series of commands, it appears restricted to the functionality of the Pencil design tool and does not indicate arbitrary shell execution.
Audit Metadata