stitch-design-system

Warn

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute a local bash script scripts/fetch-stitch.sh with a download URL as an argument. The URL is retrieved dynamically from the Stitch API (htmlCode.downloadUrl). If the external service provides a maliciously crafted URL containing shell metacharacters, it could lead to command injection during the execution phase.
  • [PROMPT_INJECTION]: The skill processes data from external sources (Stitch API and downloaded HTML), which constitutes an indirect prompt injection surface.
      • Ingestion points: Untrusted data enters the agent context through the Stitch API (via get_project and get_screen) and the downloaded file temp/source.html in SKILL.md.
      • Boundary markers: The instructions do not define delimiters or specific "ignore embedded instructions" warnings for the agent when parsing the external design content.
      • Capability inventory: The skill utilizes the Bash tool for script execution and the Write tool for creating CSS and Markdown artifacts across all processing steps.
      • Sanitization: The skill lacks explicit sanitization or validation logic for the content fetched from the remote Stitch platform before it is used to generate code.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 26, 2026, 01:33 AM