design-md
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a structured workflow for analyzing design assets and generating documentation. It interacts with the Stitch MCP server to retrieve project information from authorized sources.
- [EXTERNAL_DOWNLOADS]: The skill uses the
web_fetchtool to download HTML code and screenshots for analysis. These downloads target official Google Stitch domains (withgoogle.com) and are necessary for the skill's primary function of design synthesis. - [INDIRECT_PROMPT_INJECTION]: The skill processes external HTML data to extract design tokens. While this represents a potential ingestion surface for indirect prompt injection, the risk is mitigated by the skill's specific instructions to treat the content as data for technical extraction (CSS classes, patterns) rather than as instructions to be executed.
Audit Metadata