stitch-design
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the run_command tool to execute curl -o commands for downloading design assets such as HTML and screenshots into the local .stitch/designs directory. This behavior is documented in the text-to-design.md and edit-design.md workflows.
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to fetch content from URLs provided by the Stitch MCP tool's output. These downloads occur during design system synthesis (via read_url_content) and asset synchronization (via curl).
- [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection within the generate-design-md.md workflow. If the designs being analyzed contain malicious instructions, they could poison the project's design system.
  - Ingestion points: The agent uses the read_url_content tool to download and analyze HTML code from existing design screens to create a DESIGN.md file.
  - Boundary markers: The instructions lack specific delimiters or instructions to ignore embedded commands or comments within the processed HTML content.
  - Capability inventory: The skill has Write permissions to modify local files and uses the Stitch MCP tool to generate or edit designs based on the synthesized DESIGN.md file.
  - Sanitization: There is no mention of sanitization, filtering, or validation of the fetched HTML content prior to its analysis and use in the prompt pipeline.