penpot-mcp-operator
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
execute_codetool to run JavaScript snippets within the Penpot plugin context. This is the core functionality required to inspect and modify design files programmatically. - [DATA_EXFILTRATION]: The documentation contains strong security directives instructing the agent to never log, commit, or share the
userTokenrequired for remote MCP access, effectively mitigating credential exposure risks. - [PROMPT_INJECTION]: As the skill reads and processes data from active design files (such as layer names and object keys), it possesses an indirect prompt injection surface. However, the skill mandates a 'read-only probe' and 'API-first' workflow to ensure actions are based on verified structural data rather than untrusted content.
- [SAFE]: All external references, including documentation and code repositories, point to official Penpot domains and GitHub organizations, which are recognized as well-known and legitimate services for this skill's purpose.
Audit Metadata