stitch-sdk-usage
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the installation of the
@google/stitch-sdkpackage from the official npm registry. This is a vendor-owned resource belonging to the author and is considered safe for use. - [SAFE]: The documentation follows security best practices by instructing users to use environment variables (
STITCH_API_KEY) for sensitive credentials rather than hardcoding them in scripts. - [SAFE]: Network interactions documented in the skill are restricted to official Google Cloud endpoints (
stitch.googleapis.com), ensuring that data communication remains within trusted infrastructure.
Audit Metadata