The Agent Skills Directory

[SAFE]: The skill's primary function is to map structured IR data to design tool API calls (MCP). It does not perform any unexpected network operations or local file system access beyond state management.
[SAFE]: No remote code execution patterns, external script downloads, or unverified package dependencies were detected.
[SAFE]: No hardcoded credentials or access to sensitive local configuration files (e.g., SSH keys, cloud credentials) were found.
[SAFE]: Indirect Prompt Injection Surface Evaluation:
Ingestion points: Processes external IR JSON files as described in SKILL.md.
Boundary markers: Not explicitly defined for the IR data stream.
Capability inventory: Uses Penpot MCP tools for design manipulation, such as create_page and create_text (references/penpot-mcp-tools.md).
Sanitization: Input data is mapped directly to tool parameters without specific sanitization steps described. The potential impact is restricted to the design workspace.

ui-convert-writer-penpot