design-md

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it ingests and parses raw HTML assets from external projects, which could contain hidden instructions intended to manipulate the agent.
      ◦ Ingestion points: Identified in SKILL.md (Step 5), where the agent downloads HTML from dynamic htmlCode.downloadUrl locations.
      ◦ Boundary markers: Absent. The instructions do not define delimiters or warn the agent to ignore instructions embedded within the fetched HTML code.
      ◦ Capability inventory: The agent possesses Write permissions (to create DESIGN.md), web_fetch for network access, and access to Stitch MCP tools for retrieving project metadata.
      ◦ Sanitization: Absent. The agent is instructed to parse the HTML directly to extract Tailwind classes and component patterns without validation.
  • [EXTERNAL_DOWNLOADS] (SAFE): The skill uses web_fetch to retrieve design assets. While these URLs are dynamic, they are generated by the Stitch MCP server, and the associated documentation points to a trusted Google-affiliated domain (withgoogle.com).
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:50 PM