stitch-loop

Warn

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements a 'baton-passing' loop where the agent reads its next task from a local file (next-prompt.md). This creates an indirect prompt injection surface.
      • Ingestion points: The next-prompt.md file is parsed at the start of each iteration to determine the next page to build.
      • Boundary markers: The file structure uses YAML frontmatter but lacks delimiters or instructions to the LLM to ignore potentially malicious instructions embedded in the task description.
      • Capability inventory: The skill possesses Bash access, file Write capabilities for project integration, and access to the Stitch generation tool.
      • Sanitization: There is no evidence of sanitization or validation of the task content before it is processed.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to start a local web server using npx serve. This involves executing arbitrary commands and dynamically loading packages from the npm registry.
  • [EXTERNAL_DOWNLOADS]: The agent is instructed to download HTML and screenshot assets from URLs provided by the Stitch tool's output (htmlCode.downloadUrl and screenshot.downloadUrl) and save them to the local queue/ directory.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 4, 2026, 08:09 AM