pencil-mcp-get-guidelines
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: The skill is a metadata-only tool definition designed to fetch design system specifications. It does not contain executable code or scripts.
- [PROMPT_INJECTION]: The skill contains 'Intent Recognition' instructions that act as a functional guardrail, instructing the agent to only trigger the tool when the user explicitly mentions 'Pencil', which helps prevent unintended tool activation.
- [DATA_EXPOSURE]: No patterns of sensitive data access, hardcoded credentials, or unauthorized data exfiltration were detected. The tool's purpose is to read public or project-specific design documentation.
- [NO_CODE]: This skill consists of documentation and configuration only. No Python or Node.js logic is provided within the analyzed files.
Audit Metadata