openpencil-design

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill documents a legitimate design workflow using the op CLI and MCP tools. It focuses on PenNode schema, semantic roles, and layout rules for vector design.
  • [COMMAND_EXECUTION]: The instructions include examples of shell commands for interacting with the op CLI. This includes using python3 as a utility to parse JSON IDs from command output, which is a standard development practice for CLI-based workflows.
  • [PROMPT_INJECTION]: The skill processes design data from various sources (JSON strings, DSL, SVG, and Figma files), which creates an attack surface for indirect prompt injection.
    • Ingestion points: op open, op import:figma, op import:svg, op design, and op insert (SKILL.md).
    • Boundary markers: None specified for user-provided data.
    • Capability inventory: The op CLI provides capabilities for file system access (op save, op theme:save), design manipulation, and submission of generated code chunks (op codegen:submit).
    • Sanitization: No specific sanitization or validation of the content of imported files is described.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 15, 2026, 01:53 PM