pencil-ui-design-system-uviewpro
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides legitimate UI design system configuration for the uView Pro framework, including color palettes, typography, and component specifications. All tools called (
mcp__pencil__set_variables,mcp__pencil__batch_design) are scoped to UI document manipulation. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it triggers automated actions based on untrusted user mentions of specific framework keywords.
- Ingestion points: User input mentioning 'uView Pro', 'uviewpro', or component names (SKILL.md).
- Boundary markers: None defined to isolate user-provided context from the design plan generation.
- Capability inventory: Ability to open documents, set global variables, and batch design elements via Pencil MCP tools (SKILL.md).
- Sanitization: No validation or escaping logic is described for user-supplied strings before they are applied to the design document variables.
Audit Metadata