stitch-orchestrator
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute a local script
scripts/fetch-stitch.sh. This script is used to download design assets from a provided URL. - [EXTERNAL_DOWNLOADS]: The workflow downloads HTML source code from external URLs (
htmlCode.downloadUrl) generated by the Stitch MCP environment. This content is then utilized by specialized skills for code conversion tasks. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes untrusted data from an external source to drive code generation.
- Ingestion points: HTML source code downloaded to
temp/source.htmlfrom dynamic URLs. - Boundary markers: Absent. The orchestrator does not provide delimiters or instructions to ignore embedded commands in the source data during the handoff to conversion tools.
- Capability inventory: The skill leverages powerful sub-skills capable of writing complex application code in multiple frameworks including Next.js, Svelte, React Native, and SwiftUI.
- Sanitization: No evidence of input validation or sanitization for the externally fetched HTML content before it is processed by conversion logic.
Audit Metadata