pencil-mcp-to-code

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE
PROMPT_INJECTION

Full Analysis
  • [PROMPT_INJECTION]: Potential for indirect prompt injection from untrusted design data.
  • Ingestion points: Design data is ingested from .pen files via tool calls like batch_get, get_variables, and snapshot_layout in SKILL.md and all files in the references/ directory.
  • Boundary markers: Absent. The instructions provide no guidance for the agent to distinguish between design content and potential malicious instructions embedded within that content.
  • Capability inventory: The skill enables the agent to generate and write production-ready code across a wide range of frameworks (React, Jetpack Compose, SwiftUI, WinUI 3, GTK 4, etc.).
  • Sanitization: Absent. The skill explicitly instructs the agent to 'Preserve content exactly' and 'Use the same text labels', which could lead to the inclusion of malicious scripts or logic if the source design file is compromised.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 31, 2026, 02:35 AM