Skills
skills/codereaper1/stitch-skills/vue-components/Gen Agent Trust Hub

vue-components

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill executes scripts/fetch-stitch.sh to download HTML files from dynamic URLs using curl. This is a functional requirement for design retrieval. \n- [COMMAND_EXECUTION]: The agent uses the Bash tool to run local scripts and npm for managing dependencies and executing validation tools. \n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it fetches and processes external HTML content which could contain malicious instructions. \n
  • Ingestion points: External data is ingested via htmlCode.downloadUrl as described in SKILL.md. \n
  • Boundary markers: Absent; the skill does not wrap external data in protective delimiters. \n
  • Capability inventory: The agent can execute shell commands, write to the file system, and access the network. \n
  • Sanitization: No sanitization or filtering is applied to the fetched HTML before it is used for code generation.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 10, 2026, 01:26 AM