Skills
skills/codereaper1/stitch-skills/stitch-loop/Gen Agent Trust Hub

stitch-loop

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute 'npx serve', which hosts a local development server to facilitate visual verification of the generated website pages.
  • [EXTERNAL_DOWNLOADS]: The skill fetches HTML source code and image assets from remote URLs provided by the Stitch MCP service tools to populate the local project directory.
  • [PROMPT_INJECTION]: The skill implements an autonomous 'baton' system that processes instructions for the next build task from a local file.
  • Ingestion points: The agent reads 'next-prompt.md', 'SITE.md', and 'DESIGN.md' files to establish context for the generation step.
  • Boundary markers: The skill employs YAML frontmatter as a structural delimiter for metadata and task instructions.
  • Capability inventory: The agent possesses capabilities for file system access, local Bash command execution, and interaction with the Stitch generation API.
  • Sanitization: Instructions extracted from the baton file are interpreted by the agent to determine the next action in the autonomous loop.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 27, 2026, 11:49 PM