Skills
skills/anian0/pick-skills/pencil-design/Gen Agent Trust Hub

pencil-design

Fail

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the agent to install and run the @pencil.dev/cli package from the NPM registry using npm install and npx. This results in the execution of unverified third-party code that is not contained within the skill's distribution.
  • [EXTERNAL_DOWNLOADS]: The skill provides explicit instructions and curl commands to download and replace its own SKILL.md file from remote CDNs such as unpkg.com and jsdelivr.net. This creates a significant vector for remote instruction injection, where an external party could modify the skill's logic to perform malicious actions in future sessions.
  • [COMMAND_EXECUTION]: The skill relies on shell command execution for checking installations, performing user authentication (pencil login, pencil signup), and managing design generation operations.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it interpolates user-supplied text directly into the command-line arguments of the Pencil tool.
  • Ingestion points: The --prompt argument in the pencil command within SKILL.md captures user input.
  • Boundary markers: Absent. The instructions explicitly tell the agent to pass the user's request "exactly" as said without adding detail.
  • Capability inventory: The pencil CLI tool has the capability to write files to the local system (--out) and export images (SKILL.md).
  • Sanitization: No escaping, validation, or filtering of the user-provided prompt content is performed before execution.
Recommendations
  • HIGH: Downloads and executes remote code from: https://unpkg.com/@pencil.dev/cli@latest/SKILL.md - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 1, 2026, 03:46 PM