stitch-react-components

Warn

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes a bash script (scripts/fetch-stitch.sh) using a URL parameter derived from external tool output. If the agent interpolates this URL without strict sanitization, it could lead to shell command injection.
      • Evidence: SKILL.md contains the instruction: bash scripts/fetch-stitch.sh "[htmlCode.downloadUrl]" "temp/source.html".
  • [EXTERNAL_DOWNLOADS]: The skill uses a bash script to fetch content from remote URLs using curl. While the script is intended for Google Cloud Storage resources, it can be directed to any arbitrary URL.
      • Evidence: scripts/fetch-stitch.sh uses curl -L to download content to a local path.
  • [PROMPT_INJECTION]: The skill processes untrusted HTML data from external sources and uses it as the basis for generating React components. This creates a surface for indirect prompt injection, where malicious instructions hidden in the HTML could influence the generated code or agent behavior.
      • Ingestion points: temp/source.html (retrieved in Step 1).
      • Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded commands in the source HTML.
      • Capability inventory: The skill has access to Bash, Write, and Read tools, which could be leveraged if an injection is successful.
      • Sanitization: Absent; the skill does not specify any validation or filtering of the retrieved HTML content before processing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 21, 2026, 02:42 AM