pencil-ui-design-spec-generator
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- [NO_CODE]: The skill consists entirely of markdown instructions and documentation. It does not contain any scripts, binaries, or configuration files that execute logic on the host system.
- [SAFE]: No malicious patterns, hidden commands, or unauthorized data access were found in the instructions or metadata.
- [PROMPT_INJECTION]: The skill defines an attack surface for indirect prompt injection by processing untrusted user design requests.
  - Ingestion points: User-provided high-level requirements in SKILL.md.
  - Boundary markers: The skill instructs the agent to follow a strict output format for the PENCIL_PLAN.
  - Capability inventory: The generated plan leads the agent to execute calls to Pencil MCP tools.
  - Sanitization: No explicit input sanitization or filtering is defined in the instruction text.
Audit Metadata